diff options
| author | Eric Haszlakiewicz <erh+git@nimenees.com> | 2017-07-08 19:04:35 -0700 |
|---|---|---|
| committer | Eric Haszlakiewicz <erh+git@nimenees.com> | 2017-07-08 19:04:35 -0700 |
| commit | fd9b3b22603c6fe8410d6809a206ab1534b25dc4 (patch) | |
| tree | 0f23b9f961fa5ffd08bb1f73f1655fcb742c4d8b /arraylist.c | |
| parent | 7fd74fc7a3e69fb92f51ff94d4e1e20c72ba3682 (diff) | |
| download | json-c-fd9b3b22603c6fe8410d6809a206ab1534b25dc4.tar.gz | |
Issue #332: fix a long-standing bug in array_list_put_idx() where it would attempt to free previously free'd entries due to not checking the current array length.
Add a test that triggers the problem to ensure it stays fixed.
Diffstat (limited to 'arraylist.c')
| -rw-r--r-- | arraylist.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/arraylist.c b/arraylist.c index e859dfd..8439cc2 100644 --- a/arraylist.c +++ b/arraylist.c @@ -96,7 +96,8 @@ array_list_put_idx(struct array_list *arr, size_t idx, void *data) { if (idx > SIZE_T_MAX - 1 ) return -1; if(array_list_expand_internal(arr, idx+1)) return -1; - if(arr->array[idx]) arr->free_fn(arr->array[idx]); + if(idx < arr->length && arr->array[idx]) + arr->free_fn(arr->array[idx]); arr->array[idx] = data; if(arr->length <= idx) arr->length = idx + 1; return 0; |