Skip to content

Commit

Permalink
fix: double free when using decode into slice
Browse files Browse the repository at this point in the history
  • Loading branch information
@jean-roland
jean-roland committed Jun 12, 2024
1 parent 5d828a5 commit fd91be9
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 3 deletions.
3 changes: 1 addition & 2 deletions include/zenoh-pico/collections/slice.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,11 @@ int8_t _z_slice_init(_z_slice_t *bs, size_t capacity);
_z_slice_t _z_slice_make(size_t capacity);
_z_slice_t _z_slice_wrap(const uint8_t *bs, size_t len);
_z_slice_t _z_slice_steal(_z_slice_t *b);

void _z_slice_copy(_z_slice_t *dst, const _z_slice_t *src);
_z_slice_t _z_slice_duplicate(const _z_slice_t *src);
void _z_slice_move(_z_slice_t *dst, _z_slice_t *src);
void _z_slice_reset(_z_slice_t *bs);
_Bool _z_slice_is_empty(const _z_slice_t *bs);

_Bool _z_slice_eq(const _z_slice_t *left, const _z_slice_t *right);
void _z_slice_clear(_z_slice_t *bs);
void _z_slice_free(_z_slice_t **bs);
Expand Down Expand Up @@ -75,6 +73,7 @@ uint32_t _z_bytes_to_uint32(const _z_bytes_t *bs);
uint64_t _z_bytes_to_uint64(const _z_bytes_t *bs);
float _z_bytes_to_float(const _z_bytes_t *bs);
double _z_bytes_to_double(const _z_bytes_t *bs);
_z_slice_t _z_bytes_to_slice(const _z_bytes_t *bytes);
_z_bytes_t _z_bytes_from_uint8(uint8_t val);
_z_bytes_t _z_bytes_from_uint16(uint16_t val);
_z_bytes_t _z_bytes_from_uint32(uint32_t val);
Expand Down
2 changes: 1 addition & 1 deletion src/api/api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -325,7 +325,7 @@ int8_t z_bytes_decode_into_slice(const z_loaned_bytes_t *bytes, z_owned_slice_t
return _Z_ERR_SYSTEM_OUT_OF_MEMORY;
}
// Convert bytes to slice
*dst->_val = bytes->_slice;
*dst->_val = _z_bytes_to_slice(bytes);
return _Z_RES_OK;
}

Expand Down
12 changes: 12 additions & 0 deletions src/collections/slice.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ _z_slice_t _z_slice_duplicate(const _z_slice_t *src) {
}

_Bool _z_slice_is_empty(const _z_slice_t *bs) { return bs->len == 0; }

_z_slice_t _z_slice_steal(_z_slice_t *b) {
_z_slice_t ret = *b;
*b = _z_slice_empty();
Expand Down Expand Up @@ -191,6 +192,17 @@ double _z_bytes_to_double(const _z_bytes_t *bs) {
return val;
}

_z_slice_t _z_bytes_to_slice(const _z_bytes_t *bytes) {
// Allocate slice
_z_slice_t ret = _z_slice_make(bytes->_slice.len);
if (!_z_slice_check(ret)) {
return ret;
}
// Recopy data
memcpy((uint8_t *)ret.start, bytes->_slice.start, bytes->_slice.len);
return ret;
}

_z_bytes_t _z_bytes_from_uint8(uint8_t val) {
_z_bytes_t ret = _z_bytes_null();
// Init bytes array
Expand Down

0 comments on commit fd91be9

Please sign in to comment.