Vector: Let realloc do its job and thus avoid a UAF (a particularly nasty one)

Who even thought that copying from an old pointer passed to realloc() was a good idea?
Me, apparently.

Additionally, the entire point of this memcpy() was to copy the data over from the old buffer (which is already freed btw) to the new buffer, which is already done by realloc.
That's the entire point of realloc. The data is copied over by realloc already.

And even if the old pointer is not unmapped, we scrub freed memory with useless data, so the memcpy sets the vector's buffer to that useless data as well.

I don't even know how I managed to introduce so many bugs into Vector.

At least it should work properly now.
This commit is contained in:
apio 2023-03-28 18:37:12 +02:00
parent d41e5b7b74
commit b8b8d20f5b
Signed by: apio
GPG Key ID: B8A7D06E42258954
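As an added example (not the project's code), the same fix reduced to C: vec_reserve_uaf has the ordering the commit removes, vec_reserve lets libc realloc() do the move, and vec_reserve_manual shows the order a hand-rolled copy would need to be safe. The IntVec type, the function names and the grow/shrink scenario in run_scenario are constructed for illustration; libc realloc stands in for the page's realloc_impl.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Illustrative stand-in for the page's Vector<T>; names are assumptions. */
typedef struct {
    int *data;        /* m_data */
    size_t size;      /* number of live elements */
    size_t capacity;  /* m_capacity, in elements */
} IntVec;

/* The ordering the commit removes: reading from the old pointer after
 * realloc() has taken it. On success the old block is already freed, so the
 * memcpy is a use-after-free; if the allocator scrubs freed memory it also
 * overwrites the freshly relocated contents with garbage. Never call this,
 * it is here only for contrast with vec_reserve() below. */
int vec_reserve_uaf(IntVec *v, size_t new_capacity) {
    int *p = realloc(v->data, new_capacity * sizeof(int));
    if (p == NULL) return -1;
    memcpy(p, v->data, v->capacity * sizeof(int));  /* UAF: v->data is dangling */
    v->data = p;
    v->capacity = new_capacity;
    return 0;
}

/* Release everything; used for the new_capacity == 0 case so that we never
 * call realloc(p, 0), whose behaviour is implementation-defined. */
static void vec_release(IntVec *v) {
    free(v->data);
    v->data = NULL;
    v->size = v->capacity = 0;
}

/* Correct: let realloc() do the move. It copies min(old, new) bytes into the
 * new block and frees the old one on success; on failure it returns NULL and
 * leaves the old block intact, so v->data stays valid and owned. */
static int vec_reserve(IntVec *v, size_t new_capacity) {
    if (new_capacity == 0) { vec_release(v); return 0; }
    if (new_capacity > SIZE_MAX / sizeof(int)) return -1;  /* byte-size overflow */
    int *p = realloc(v->data, new_capacity * sizeof(int));
    if (p == NULL) return -1;            /* v->data untouched, still valid */
    v->data = p;                         /* the returned pointer is the only valid one now */
    v->capacity = new_capacity;
    if (v->size > new_capacity) v->size = new_capacity;  /* shrinking drops the tail */
    return 0;
}

/* Same result done by hand: allocate, copy from the still-live old block,
 * and only then free it. This is the order the removed memcpy() got wrong. */
static int vec_reserve_manual(IntVec *v, size_t new_capacity) {
    if (new_capacity == 0) { vec_release(v); return 0; }
    if (new_capacity > SIZE_MAX / sizeof(int)) return -1;
    int *p = malloc(new_capacity * sizeof(int));
    if (p == NULL) return -1;
    size_t keep = v->capacity < new_capacity ? v->capacity : new_capacity;
    if (keep) memcpy(p, v->data, keep * sizeof(int));  /* old block still valid here */
    free(v->data);                                      /* now it is gone */
    v->data = p;
    v->capacity = new_capacity;
    if (v->size > new_capacity) v->size = new_capacity;
    return 0;
}

/* Append one element, growing through the supplied reserve strategy. */
static int vec_push(IntVec *v, int x, int (*reserve)(IntVec *, size_t)) {
    if (v->size == v->capacity) {
        size_t want = v->capacity ? v->capacity * 2 : 8;
        if (reserve(v, want) != 0) return -1;
    }
    v->data[v->size++] = x;
    return 0;
}

/* 1 if data[i] == i for every live element, else 0. */
static int vec_holds_indices(const IntVec *v) {
    for (size_t i = 0; i < v->size; i++)
        if (v->data[i] != (int)i) return 0;
    return 1;
}

/* Pushes 0..99 (forcing several grows), grows to 1000 slots, shrinks to 10,
 * and checks the contents after each step. Returns 1 if every element
 * survived every relocation, 0 otherwise. */
static int run_scenario(int (*reserve)(IntVec *, size_t)) {
    IntVec v = {0};
    int ok = 1;
    for (int i = 0; i < 100 && ok; i++) ok = vec_push(&v, i, reserve) == 0;
    ok = ok && reserve(&v, 1000) == 0 && v.size == 100 && vec_holds_indices(&v);
    ok = ok && reserve(&v, 10) == 0 && v.size == 10 && vec_holds_indices(&v);
    reserve(&v, 0);
    return ok;
}
```

Both correct strategies pass the same scenario; building with -fsanitize=address and swapping vec_reserve_uaf into run_scenario is the quickest way to see the heap-use-after-free report the commit message describes.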


@ -178,10 +178,6 @@ template <typename T> class Vector
void* const ptr = TRY(realloc_impl(m_data, new_byte_capacity));
if (new_capacity < m_capacity) memcpy(ptr, m_data, new_byte_capacity);
else
memcpy(ptr, m_data, byte_capacity());
m_capacity = new_capacity;
m_data = (T*)ptr;
return {};
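Review bot: dropping both memcpy() calls is the right fix, assuming realloc_impl follows realloc's contract: once it succeeds, m_data may already point at a released block, so memcpy(ptr, m_data, ...) reads freed memory, and the contents up to the smaller of the old and new sizes were already moved into ptr. Two things this hunk does not show and that are worth checking at the call sites: on the shrinking path (new_capacity < m_capacity) the element count must be clamped to new_capacity, or the trailing elements destroyed beforehand, since the tail is gone after the resize; and because realloc relocates raw bytes without running move constructors, this Vector is only sound for trivially relocatable T, which deserves a comment or a static_assert on the class. The failure path is fine as written: TRY returns before m_data or m_capacity is touched, and realloc leaves the old block intact when it fails.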