wl_array: Set data to invalid address after free
Explicitly set the data member to an invalid memory address during
wl_array_release, such that re-using a freed wl_array without re-initializing
causes a crash. In addition, this pointer assignment makes wl_array_release
testable.
Define a constant for the invalid memory address, and add documentation about
this behavior, starting at libwayland version 1.13.
See https://lists.freedesktop.org/archives/wayland-devel/2016-September/031116.html
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
[Pekka: remove the doc about crashing]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
diff --git a/src/wayland-private.h b/src/wayland-private.h
index ac712d9..ef58ccf 100644
--- a/src/wayland-private.h
+++ b/src/wayland-private.h
@@ -36,6 +36,9 @@
#include "wayland-util.h"
+/* Invalid memory address */
+#define WL_ARRAY_POISON_PTR (void *) 4
+
#define ARRAY_LENGTH(a) (sizeof (a) / sizeof (a)[0])
#define container_of(ptr, type, member) ({ \
diff --git a/src/wayland-util.c b/src/wayland-util.c
index 639ccf8..077fec7 100644
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -102,6 +102,7 @@
wl_array_release(struct wl_array *array)
{
free(array->data);
+ array->data = WL_ARRAY_POISON_PTR;
}
WL_EXPORT void *
