GNOME Bugzilla – Bug 681501
gmem: array only partially filled with memcpy
Last modified: 2012-08-20 14:47:19 UTC
PVS-Studio spotted a memcpy that only partially fills the target array. In g_mem_profile: http://git.gnome.org/browse/glib/tree/glib/gmem.c#n714

The size of the array for local_data is calculated as:

    guint local_data[(MEM_PROFILE_TABLE_SIZE + 1) * 8 * sizeof (profile_data[0])];

(which looks a bit odd)

The memcpy uses the same calculation, but for n bytes to copy:

    memcpy (local_data, profile_data, (MEM_PROFILE_TABLE_SIZE + 1) * 8 * sizeof (profile_data[0]));

which will underflow the array. I will attach a patch that sets the size of local_data as:

    guint local_data[(MEM_PROFILE_TABLE_SIZE + 1) * 8];

The original code was added in this commit: http://git.gnome.org/browse/glib/commit/glib/gmem.c?id=782a8e2e7c69c3d98bd69bcfdbb65ded520576f4
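An added example (not GLib's code and not the attached patch) that reproduces the sizing mismatch from the report: it declares local_data with each of the two element counts, performs the memcpy with the byte count from g_mem_profile, and counts how many entries were never written. MEM_PROFILE_TABLE_SIZE is a constructed small stand-in for the real constant, and guint is assumed to be unsigned int.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the real constant in gmem.c; any value shows the effect. */
#define MEM_PROFILE_TABLE_SIZE 4
typedef unsigned int guint;   /* assumption: GLib's guint is unsigned int here */

/* Element counts of the two declarations from the report (before / after the patch). */
#define ELEMS_BEFORE ((MEM_PROFILE_TABLE_SIZE + 1) * 8 * sizeof (guint))
#define ELEMS_AFTER  ((MEM_PROFILE_TABLE_SIZE + 1) * 8)

/* The byte count passed to memcpy in g_mem_profile. */
#define COPY_BYTES   ((MEM_PROFILE_TABLE_SIZE + 1) * 8 * sizeof (guint))

#define SENTINEL 0xDEADBEEFu

/* Allocate local_data with `elems` entries, fill it with a sentinel, perform the
 * memcpy from the report and return how many entries were never written.
 * 0 means the copy filled the whole array; (size_t)-1 signals a refused call. */
size_t untouched_after_copy(size_t elems)
{
    guint profile_data[ELEMS_AFTER];
    guint *local_data;
    size_t i, untouched = 0;

    /* Refuse a destination smaller than the copy: that would be a real overflow. */
    if (elems * sizeof *local_data < COPY_BYTES)
        return (size_t)-1;
    local_data = malloc(elems * sizeof *local_data);
    if (local_data == NULL)
        return (size_t)-1;

    for (i = 0; i < ELEMS_AFTER; i++)
        profile_data[i] = (guint)(i + 1);       /* small values, never equal SENTINEL */
    for (i = 0; i < elems; i++)
        local_data[i] = SENTINEL;

    /* COPY_BYTES is exactly ELEMS_AFTER entries' worth of bytes, so with the
     * ELEMS_BEFORE declaration only the first 1/sizeof (guint) of the array is written. */
    memcpy (local_data, profile_data, COPY_BYTES);

    for (i = 0; i < elems; i++)
        if (local_data[i] == SENTINEL)
            untouched++;

    free(local_data);
    return untouched;
}
```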
Created attachment 220767: Reduce the size of local_data

Review of attachment 220767: Looks right to me.

Comment on attachment 220767 (Reduce the size of local_data): Committed to master: http://git.gnome.org/browse/glib/commit/?id=96a0c589eec8e66f0d879c2a0979df6fd2c23dde