Backport !1390 “garray: Fix copying an array with reserved elements” to glib-2-62 (!1393) · Merge requests · GNOME / GLib

Philip Withnall requested to merge pwithnall/glib:backport-1390-array-copy-crash-glib-2-62 into glib-2-62 Feb 27, 2020

Spotted by Mohammed Sadiq. g_array_copy() was doing a memcpy() of the data from the old array to the new one, based on the reserved elements in the old array (array->alloc). However, the new array was allocated based on the assigned elements in the old array (array->len).

So if the old array had fewer assigned elements than allocated elements, memcpy() would fall off the end of the newly allocated data block. This was particularly obvious when the old array had no assigned elements, as the new array’s data pointer would be NULL.

Signed-off-by: Philip Withnall withnall@endlessm.com

Fixes: #2049 (closed)

Trivial backport of !1390 (merged).

Backport !1390 “garray: Fix copying an array with reserved elements” to glib-2-62

Merge request reports