commit 5bcf87c224978970256af56a16d0ac676ac24a25
parent 4b599aaae4fc33460553306a8bba41d777558420
Author: David Goulet <dgoulet@torproject.org>
Date: Wed, 24 Apr 2019 09:45:32 -0400
Merge branch 'tor-github/pr/955'
Diffstat:
3 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/changes/ticket30176 b/changes/ticket30176
@@ -0,0 +1,4 @@
+ o Minor features (defense in depth):
+ - In smartlist_remove_keeporder(), set any pointers that become
+ unused to NULL, in case a bug causes them to be used later. Closes
+ ticket 30176. Patch from Tobias Stoeckmann.
diff --git a/src/lib/smartlist_core/smartlist_core.c b/src/lib/smartlist_core/smartlist_core.c
@@ -177,6 +177,8 @@ smartlist_remove_keeporder(smartlist_t *sl, const void *element)
sl->list[i++] = sl->list[j];
}
}
+ memset(sl->list + sl->num_used, 0,
+ sizeof(void *) * (num_used_orig - sl->num_used));
}
/** If <b>sl</b> is nonempty, remove and return the final element. Otherwise,
diff --git a/src/test/test_containers.c b/src/test/test_containers.c
@@ -1006,6 +1006,10 @@ test_container_smartlist_remove(void *arg)
tt_ptr_op(smartlist_get(sl, 1), OP_EQ, &array[2]);
tt_ptr_op(smartlist_get(sl, 2), OP_EQ, &array[1]);
tt_ptr_op(smartlist_get(sl, 3), OP_EQ, &array[2]);
+ /* Ordinary code should never look at this pointer; we're doing it here
+ * to make sure that we really cleared the pointer we removed.
+ */
+ tt_ptr_op(sl->list[4], OP_EQ, NULL);
done:
smartlist_free(sl);
