types: fix invalid memory access on setting non-contiguous array indexes

When setting an array index which is beyond the end of the last currently preallocated chunk and not evenly divisible by the chunk size, the array entries list was not properly reallocated, resulting in invalid memory writes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2021-09-21 20:24:05 +0200
committer: Jo-Philipp Wich <jo@mein.io> 2021-09-21 20:25:46 +0200
commit: 914f54cc61e6b16005cceb9562289be0c80e401b (patch)
tree: d005f3dfaf20df1d2c417998e3d3f395ff80438a /types.c
parent: 631f00df1189550cca923c3d08885e6a7208d542 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/types.c b/types.c
index b8ad8da..de904ef 100644
--- a/types.c
+++ b/types.c
@@ -701,15 +701,21 @@ bool
 ucv_array_set(uc_value_t *uv, size_t index, uc_value_t *item)
 {
 	uc_array_t *array = (uc_array_t *)uv;
-	size_t old_count;
+	size_t old_count, new_count;
 
 	if (ucv_type(uv) != UC_ARRAY)
 		return false;
 
 	if (index >= array->count) {
 		old_count = array->count;
+		new_count = (index + 1) & ~(UC_VECTOR_CHUNK_SIZE - 1);
+
+		if (new_count > old_count) {
+			array->count = new_count;
+			uc_vector_grow(array);
+		}
+
 		array->count = index + 1;
-		uc_vector_grow(array);
 
 		while (old_count < array->count)
 			array->entries[old_count++] = NULL;
author	Jo-Philipp Wich <jo@mein.io>	2021-09-21 20:24:05 +0200
committer	Jo-Philipp Wich <jo@mein.io>	2021-09-21 20:25:46 +0200
commit	914f54cc61e6b16005cceb9562289be0c80e401b (patch)
tree	d005f3dfaf20df1d2c417998e3d3f395ff80438a /types.c
parent	631f00df1189550cca923c3d08885e6a7208d542 (diff)