diff options
| author | Heejin Ahn <aheejin@gmail.com> | 2021-01-14 01:52:03 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-14 01:52:03 +0900 |
| commit | f882781c4bebba1625a745c2b19dc7f8e63aa531 (patch) | |
| tree | c0d3d1edba086db067657c906b1506e0564a55bf /src/mixed_arena.h | |
| parent | dc7184afcbdcc72d0a6d66e2b36fc5857050dd87 (diff) | |
| download | binaryen-f882781c4bebba1625a745c2b19dc7f8e63aa531.tar.gz binaryen-f882781c4bebba1625a745c2b19dc7f8e63aa531.tar.bz2 binaryen-f882781c4bebba1625a745c2b19dc7f8e63aa531.zip | |
Fix an index error in ArenaVectorBase (#3486)
Because `resize()` sets `usedElements` to its argument, we were
accessing `data[usedElements]`, which can be outside of allocated memory
depending the internal state, i.e., `allocatedElements`'s value.
It is hard to come up with a test case for this because apparently the
failure condition depends on the vector's internal state.
Diffstat (limited to 'src/mixed_arena.h')
| -rw-r--r-- | src/mixed_arena.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/mixed_arena.h b/src/mixed_arena.h index 9ae19f94d..b4822680b 100644 --- a/src/mixed_arena.h +++ b/src/mixed_arena.h @@ -370,7 +370,7 @@ public: void insertAt(size_t index, T item) { assert(index <= usedElements); // appending is ok resize(usedElements + 1); - for (auto i = usedElements; i > index; --i) { + for (auto i = usedElements - 1; i > index; --i) { data[i] = data[i - 1]; } data[index] = item; |