author | Gavin Howard <gavin@yzena.com> | 2021-07-25 17:10:32 -0600 |
---|---|---|
committer | Gavin Howard <gavin@yzena.com> | 2021-07-25 17:25:30 -0600 |
commit | 53888be2fb9837f96e876b353daeb28ccff83750 (patch) | |
tree | 1524b486d2a52db26369720dc6663dcb786757d3 /src | |
parent | b9d3383a6cf0a6c055159596d0ef7802cce5bb04 (diff) | |
Fix a crash found by AFL++
This was caused by a misuse of bc_slabvec_undo(). Well, actually, it was
a bad design with slab vectors in general. This fixes that design flaw.
Signed-off-by: Gavin Howard <gavin@yzena.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/vector.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/vector.c b/src/vector.c
index 2530deb2..de54f913 100644
--- a/src/vector.c
+++ b/src/vector.c
@@ -491,6 +491,7 @@ char* bc_slabvec_strdup(BcVec *v, const char *str) {
 	size_t len;
 	BcSlab slab;
 	BcSlab *slab_ptr;
+	size_t alloc;
 
 	BC_SIG_ASSERT_LOCKED;
 
@@ -501,7 +502,7 @@ char* bc_slabvec_strdup(BcVec *v, const char *str) {
 	len = strlen(str) + 1;
 
 	// If the len is greater than 128, then just allocate it with malloc.
-	if (BC_UNLIKELY(len > 128)) {
+	if (BC_UNLIKELY(len > BC_SLAB_SIZE)) {
 
 		size_t idx = v->len - 1;
 
@@ -509,9 +510,10 @@ char* bc_slabvec_strdup(BcVec *v, const char *str) {
 		slab.len = SIZE_MAX;
 		slab.s = bc_vm_strdup(str);
 
-		// This makes the direct malloc() allocation the second-to-last slab in
-		// the slab vector, thus always keeping a valid slab last.
-		bc_vec_pushAt(v, &slab, idx);
+		bc_vec_push(v, &slab);
+
+		slab_ptr = bc_vec_pushEmpty(v);
+		bc_slab_init(slab_ptr);
 
 		return slab.s;
 	}
|
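Review bot: With `bc_vec_pushAt(v, &slab, idx)` removed in the third hunk, `size_t idx = v->len - 1;` from the second hunk has no remaining use in the visible new code, so it is dead (and warns under -Wunused-variable) unless the single line between the second and third hunks, which is outside this view, reads it; if it does not, drop the declaration. The comment above the changed condition still says `128` while the code now compares against `BC_SLAB_SIZE`; update it to `// If the len is greater than BC_SLAB_SIZE, then just allocate it with malloc.` so the two cannot drift apart again. The deleted comment explained why the malloc'd slab was deliberately not kept last, and the new push / pushEmpty / bc_slab_init sequence deserves the same explanation, e.g. `// Push the malloc'd slab, then a fresh slab, so the last slab is always one that can be allocated from (and undone) safely.` The `size_t alloc;` added in the first hunk is likewise unused within these hunks; bc_slabvec_strdup begins before the first hunk and continues past the last, so it is presumably used in the part not shown.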