GNOME Bugzilla – Bug 731349
queuearray: doesn't expand with initial size of 1, resulting in invalid memory access
Last modified: 2014-06-07 08:49:49 UTC
Created attachment 278064 [details] [review]
queuearray: fix expanding size of queue from 1

If you create a GstQueueArray with a size of 1, then call push_tail when there is already one value in the array, then gstreamer will not correctly expand the array. The problem is here:

    guint newsize = (3 * array->size) / 2;

(3 * 1) / 2 == 1, which is the same size as the existing array. Attached patch just does this instead:

    guint newsize = MAX ((3 * array->size) / 2, array->size + 1);
Nice catch!

commit 9c4e1d36893e63d76347cee2099480cebbcd6589
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Sat Jun 7 09:46:42 2014 +0100

    tests: add unit test for queuearray expansion from 1

    https://bugzilla.gnome.org/show_bug.cgi?id=731349

commit 1cd4bd64b04c71970148ae5e1de1e13602d21875
Author: Evan Nemerson <evan@nemerson.com>
Date:   Fri Jun 6 16:36:00 2014 -0700

    queuearray: fix expanding size of queue from 1

    Without this we would not actually expand and access memory beyond the
    allocated region for the array.

    https://bugzilla.gnome.org/show_bug.cgi?id=731349
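The growth arithmetic described in the report and in the second commit above, shown side by side in a toy ring-buffer queue. This is an added illustration, not GStreamer's GstQueueArray and not the attached patch: the ToyQueueArray type, the toy_* functions and the local MAX macro are hypothetical names chosen here. Where the real code would write one slot past the allocation, the toy refuses the push and reports failure, so the defect is observable without undefined behaviour; the queue is linearised (head moved to index 0) whenever it grows, which is one common way to realloc a ring buffer.

```c
#include <stdio.h>
#include <stdlib.h>

typedef unsigned int guint;

#ifndef MAX
#define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif

/* Hypothetical ring-buffer queue with the same fields the report talks
 * about (size, head, tail). Not GStreamer's GstQueueArray. */
typedef struct {
  void **array;
  guint size;   /* allocated slots */
  guint length; /* elements currently stored */
  guint head;   /* index of the oldest element */
  guint tail;   /* index the next push writes to */
} ToyQueueArray;

/* Growth formula before the fix: (3 * 1) / 2 == 1, so a queue of size 1
 * is "expanded" to size 1 and the next write lands out of bounds. */
static guint toy_grow_buggy (guint size) { return (3 * size) / 2; }

/* Growth formula from the attached patch: always at least one more slot. */
static guint toy_grow_fixed (guint size) { return MAX ((3 * size) / 2, size + 1); }

static ToyQueueArray *toy_new (guint initial_size)
{
  ToyQueueArray *q = calloc (1, sizeof (*q));
  q->array = calloc (MAX (initial_size, 1), sizeof (void *));
  q->size = initial_size;
  return q;
}

static void toy_free (ToyQueueArray *q) { free (q->array); free (q); }

/* Returns 1 on success, 0 if the growth formula failed to make room.
 * The real bug would write past the allocation at this point; the toy
 * refuses instead so the failure can be asserted on. */
static int toy_push_tail (ToyQueueArray *q, void *data, guint (*grow) (guint))
{
  if (q->length == q->size) {
    guint newsize = grow (q->size);
    if (newsize <= q->size)
      return 0;                       /* no room gained: would overflow */
    void **bigger = calloc (newsize, sizeof (void *));
    /* Copy out in queue order so head/tail are linear in the new array. */
    for (guint i = 0; i < q->length; i++)
      bigger[i] = q->array[(q->head + i) % q->size];
    free (q->array);
    q->array = bigger;
    q->size = newsize;
    q->head = 0;
    q->tail = q->length;
  }
  q->array[q->tail] = data;
  q->tail = (q->tail + 1) % q->size;
  q->length++;
  return 1;
}

static void *toy_pop_head (ToyQueueArray *q)
{
  if (q->length == 0)
    return NULL;
  void *data = q->array[q->head];
  q->head = (q->head + 1) % q->size;
  q->length--;
  return data;
}

/* Push `count` items (at most 16) into a size-1 queue using the given
 * growth formula; returns how many pushes succeeded. */
static guint toy_count_pushes (guint count, guint (*grow) (guint))
{
  static int items[16];                /* constructed sample payloads */
  ToyQueueArray *q = toy_new (1);
  guint pushed = 0;
  for (guint i = 0; i < count && i < 16; i++)
    if (toy_push_tail (q, &items[i], grow))
      pushed++;
  toy_free (q);
  return pushed;
}

/* Grow a size-1 queue through several expansions with the fixed formula
 * and check that elements still come back out in FIFO order. */
static int toy_fifo_order_ok (void)
{
  int items[5] = { 10, 20, 30, 40, 50 }; /* constructed sample payloads */
  ToyQueueArray *q = toy_new (1);
  int ok = 1;
  for (int i = 0; i < 5; i++)
    if (!toy_push_tail (q, &items[i], toy_grow_fixed))
      ok = 0;
  for (int i = 0; i < 5 && ok; i++) {
    int *p = toy_pop_head (q);
    if (!p || *p != items[i])
      ok = 0;
  }
  toy_free (q);
  return ok;
}

int main (void)
{
  printf ("grow(1): buggy=%u fixed=%u\n", toy_grow_buggy (1), toy_grow_fixed (1));
  printf ("pushes into size-1 queue (of 3): buggy=%u fixed=%u\n",
      toy_count_pushes (3, toy_grow_buggy), toy_count_pushes (3, toy_grow_fixed));
  printf ("FIFO order after growth: %s\n", toy_fifo_order_ok () ? "ok" : "broken");
  return 0;
}
```

The MAX form matters only at size 1 (and 0): from size 2 upwards (3 * size) / 2 is already strictly larger than size, which is why the defect only showed up for queues created with the smallest initial size.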