commit 670d0f9f5bb7d73ad236a035ed7bd69e96cadd41 Author: Tobias Stoeckmann tobias@stoeckmann.org Date: Sat Apr 13 16:55:36 2019 +0200
Clear memory in smartlist_remove_keeporder.
The smartlist functions take great care to reset unused pointers inside the smartlist memory to NULL.
The function smartlist_remove_keeporder does not clear memory in such way when elements have been removed. Therefore call memset after the for-loop that removes elements. If no element is removed, it is effectively a no-op.
Signed-off-by: Tobias Stoeckmann tobias@stoeckmann.org --- changes/ticket30176 | 4 ++++ src/lib/smartlist_core/smartlist_core.c | 2 ++ 2 files changed, 6 insertions(+)
diff --git a/changes/ticket30176 b/changes/ticket30176 new file mode 100644 index 000000000..da23760ce --- /dev/null +++ b/changes/ticket30176 @@ -0,0 +1,4 @@ + o Minor features (defense in depth): + - In smartlist_remove_keeporder(), set any pointers that become + unused to NULL, in case a bug causes them to be used later. Closes + ticket 30176. Patch from Tobias Stoeckmann. diff --git a/src/lib/smartlist_core/smartlist_core.c b/src/lib/smartlist_core/smartlist_core.c index 5947e7627..6b0a305a9 100644 --- a/src/lib/smartlist_core/smartlist_core.c +++ b/src/lib/smartlist_core/smartlist_core.c @@ -177,6 +177,8 @@ smartlist_remove_keeporder(smartlist_t *sl, const void *element) sl->list[i++] = sl->list[j]; } } + memset(sl->list + sl->num_used, 0, + sizeof(void *) * (num_used_orig - sl->num_used)); }
/** If <b>sl</b> is nonempty, remove and return the final element. Otherwise,