vvfat: Fix array_remove_slice()
array_remove_slice() calls array_roll() with array->next - 1 as the destination index. This is only correct for count == 1, otherwise we're writing past the end of the array. array->next - count would be correct. However, this is the only place ever calling array_roll(), so this rather complicated operation isn't even necessary. Fix the problem and simplify the code by replacing it with a single memmove() call. array_roll() can now be removed. Reported-by: Nathan Huckleberry <nhuck15@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20200623175534.38286-3-kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Kevin Wolf
parent
c79e243ed6
commit
3dfa23b9ef
@ -140,48 +140,16 @@ static inline void* array_insert(array_t* array,unsigned int index,unsigned int
|
|||||||
return array->pointer+index*array->item_size;
|
return array->pointer+index*array->item_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* this performs a "roll", so that the element which was at index_from becomes
|
|
||||||
* index_to, but the order of all other elements is preserved. */
|
|
||||||
static inline int array_roll(array_t* array,int index_to,int index_from,int count)
|
|
||||||
{
|
|
||||||
char* buf;
|
|
||||||
char* from;
|
|
||||||
char* to;
|
|
||||||
int is;
|
|
||||||
|
|
||||||
if(!array ||
|
|
||||||
index_to<0 || index_to>=array->next ||
|
|
||||||
index_from<0 || index_from>=array->next)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
if(index_to==index_from)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
is=array->item_size;
|
|
||||||
from=array->pointer+index_from*is;
|
|
||||||
to=array->pointer+index_to*is;
|
|
||||||
buf=g_malloc(is*count);
|
|
||||||
memcpy(buf,from,is*count);
|
|
||||||
|
|
||||||
if(index_to<index_from)
|
|
||||||
memmove(to+is*count,to,from-to);
|
|
||||||
else
|
|
||||||
memmove(from,from+is*count,to-from);
|
|
||||||
|
|
||||||
memcpy(to,buf,is*count);
|
|
||||||
|
|
||||||
g_free(buf);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline int array_remove_slice(array_t* array,int index, int count)
|
static inline int array_remove_slice(array_t* array,int index, int count)
|
||||||
{
|
{
|
||||||
assert(index >=0);
|
assert(index >=0);
|
||||||
assert(count > 0);
|
assert(count > 0);
|
||||||
assert(index + count <= array->next);
|
assert(index + count <= array->next);
|
||||||
if(array_roll(array,array->next-1,index,count))
|
|
||||||
return -1;
|
memmove(array->pointer + index * array->item_size,
|
||||||
|
array->pointer + (index + count) * array->item_size,
|
||||||
|
(array->next - index - count) * array->item_size);
|
||||||
|
|
||||||
array->next -= count;
|
array->next -= count;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user