Mercurial > octave-libtiff

changeset 22449:e337b8e3592c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix double free causing segfault in mxSetDimensions (bug #49010). * mex.cc (mxArray_matlab::set_dimensions): mxFree existing dims, and then malloc new memory and copy over dims. * mex.cc: Use space between pointers and commented names of input arguments for clarity and to stop the syntax highlighter from freaking out. * mxarray.in.h: Add comment about why we are not using uint16 for mxChar.
author Rik <rik@octave.org>
date Thu, 08 Sep 2016 14:46:12 -0700
parents 809989ceb5d3
children 2fb86778f78d
files libinterp/corefcn/mex.cc libinterp/corefcn/mxarray.in.h
diffstat 2 files changed, 28 insertions(+), 21 deletions(-) [+]
line wrap: on
line diff
--- a/libinterp/corefcn/mex.cc	Thu Sep 08 11:23:01 2016 -0700
+++ b/libinterp/corefcn/mex.cc	Thu Sep 08 14:46:12 2016 -0700
@@ -296,7 +296,7 @@
 
   void set_n (mwSize /*n*/) { request_mutation (); }
 
-  void set_dimensions (mwSize */*dims_arg*/, mwSize /*ndims_arg*/)
+  void set_dimensions (mwSize * /*dims_arg*/, mwSize /*ndims_arg*/)
   {
     request_mutation ();
   }
@@ -357,7 +357,7 @@
   }
 
   // Not allowed.
-  void set_class_name (const char */*name_arg*/) { request_mutation (); }
+  void set_class_name (const char * /*name_arg*/) { request_mutation (); }
 
   mxArray *get_cell (mwIndex /*idx*/) const
   {
@@ -366,7 +366,7 @@
   }
 
   // Not allowed.
-  void set_cell (mwIndex /*idx*/, mxArray */*val*/) { request_mutation (); }
+  void set_cell (mwIndex /*idx*/, mxArray * /*val*/) { request_mutation (); }
 
   double get_scalar (void) const { return val.scalar_value (true); }
 
@@ -395,10 +395,10 @@
   }
 
   // Not allowed.
-  void set_data (void */*pr*/) { request_mutation (); }
+  void set_data (void * /*pr*/) { request_mutation (); }
 
   // Not allowed.
-  void set_imag_data (void */*pi*/) { request_mutation (); }
+  void set_imag_data (void * /*pi*/) { request_mutation (); }
 
   mwIndex *get_ir (void) const
   {
@@ -413,16 +413,16 @@
   mwSize get_nzmax (void) const { return val.nzmax (); }
 
   // Not allowed.
-  void set_ir (mwIndex */*ir*/) { request_mutation (); }
+  void set_ir (mwIndex * /*ir*/) { request_mutation (); }
 
   // Not allowed.
-  void set_jc (mwIndex */*jc*/) { request_mutation (); }
+  void set_jc (mwIndex * /*jc*/) { request_mutation (); }
 
   // Not allowed.
   void set_nzmax (mwSize /*nzmax*/) { request_mutation (); }
 
   // Not allowed.
-  int add_field (const char */*key*/)
+  int add_field (const char * /*key*/)
   {
     request_mutation ();
     return 0;
@@ -439,7 +439,7 @@
 
   // Not allowed.
   void set_field_by_number (mwIndex /*index*/, int /*key_num*/,
-                            mxArray */*val*/)
+                            mxArray * /*val*/)
   {
     request_mutation ();
   }
@@ -452,7 +452,7 @@
     return 0;
   }
 
-  int get_field_number (const char */*key*/) const
+  int get_field_number (const char * /*key*/) const
   {
     request_mutation ();
     return 0;
@@ -737,8 +737,14 @@
 
   void set_dimensions (mwSize *dims_arg, mwSize ndims_arg)
   {
-    dims = dims_arg;
     ndims = ndims_arg;
+
+    mxFree (dims);
+    dims = (ndims > 0 ? static_cast<mwSize *>
+                          (mxArray::malloc (ndims * sizeof (mwSize)))
+                      : 0);
+    for (int i = 0; i < ndims; i++)
+      dims[i] = dims_arg[i];
   }
 
   mwSize get_number_of_elements (void) const
@@ -790,7 +796,7 @@
     err_invalid_type ();
   }
 
-  void set_cell (mwIndex /*idx*/, mxArray */*val*/)
+  void set_cell (mwIndex /*idx*/, mxArray * /*val*/)
   {
     err_invalid_type ();
   }
@@ -810,12 +816,12 @@
     err_invalid_type ();
   }
 
-  void set_data (void */*pr*/)
+  void set_data (void * /*pr*/)
   {
     err_invalid_type ();
   }
 
-  void set_imag_data (void */*pi*/)
+  void set_imag_data (void * /*pi*/)
   {
     err_invalid_type ();
   }
@@ -835,12 +841,12 @@
     err_invalid_type ();
   }
 
-  void set_ir (mwIndex */*ir*/)
+  void set_ir (mwIndex * /*ir*/)
   {
     err_invalid_type ();
   }
 
-  void set_jc (mwIndex */*jc*/)
+  void set_jc (mwIndex * /*jc*/)
   {
     err_invalid_type ();
   }
@@ -850,7 +856,7 @@
     err_invalid_type ();
   }
 
-  int add_field (const char */*key*/)
+  int add_field (const char * /*key*/)
   {
     err_invalid_type ();
   }
@@ -866,7 +872,7 @@
   }
 
   void set_field_by_number (mwIndex /*index*/, int /*key_num*/,
-                            mxArray */*val*/)
+                            mxArray * /*val*/)
   {
     err_invalid_type ();
   }
@@ -881,12 +887,12 @@
     err_invalid_type ();
   }
 
-  int get_field_number (const char */*key*/) const
+  int get_field_number (const char * /*key*/) const
   {
     return -1;
   }
 
-  int get_string (char */*buf*/, mwSize /*buflen*/) const
+  int get_string (char * /*buf*/, mwSize /*buflen*/) const
   {
     err_invalid_type ();
   }
@@ -1825,7 +1831,7 @@
   {
     mwSize nel = get_number_of_elements ();
 
-    for  (mwIndex i = 0; i < nel; i++)
+    for (mwIndex i = 0; i < nel; i++)
       delete data[i];
 
     mxFree (data);
--- a/libinterp/corefcn/mxarray.in.h	Thu Sep 08 11:23:01 2016 -0700
+++ b/libinterp/corefcn/mxarray.in.h	Thu Sep 08 14:46:12 2016 -0700
@@ -80,6 +80,7 @@
 
 typedef unsigned char mxLogical;
 
+/* Matlab uses a wide char (uint16) internally, but Octave uses plain char. */
 /* typedef Uint16 mxChar; */
 typedef char mxChar;