mirror of
https://github.com/google/flatbuffers.git
synced 2026-07-03 06:32:25 +00:00
Stop CreateUninitializedVector returning a pointer to invalid memory.
CreateUninitializedVector was performing the following actions:
1. call StartVector.
2. call make_space, and set buf to point to the reserved space.
3. call EndVector.
The problem is that a call to EndVector can ultimately call make_space, which
if the buffer is full, will cause a reallocation, invalidating the value stored
in buf. So setting buf needs to be delayed until after EndVector.
The following code, when run under valgrind, shows a write to freed memory before
the change, but no such error after:
    #include "flatbuffers/flatbuffers.h"

    int main()
    {
        // 128-byte initial buffer: the 128-byte vector fills it, so the length
        // prefix written by EndVector forces a reallocation.
        flatbuffers::FlatBufferBuilder fbb(128);
        char *buf = nullptr;
        fbb.CreateUninitializedVector(128, &buf);
        *buf = 0;  // before the fix this writes into the old, freed block
    }
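The failure mode described above (a raw pointer captured before a call that may reallocate the backing store) reproduced in a small, self-contained model. This is an added example, not flatbuffers code: `GrowBuffer`, `Builder` and the two `CreateUninitializedVector*` variants are stand-ins for `vector_downward`, `FlatBufferBuilder` and the before/after versions of the method in the hunk. The model grows front-to-back rather than back-to-front, so `data_at` takes an offset from the start; the point it shows is the same: keep an offset across `EndVector`, not a pointer, and resolve it afterwards.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Minimal growable byte buffer (stand-in for vector_downward).
class GrowBuffer {
 public:
  explicit GrowBuffer(size_t initial) : data_(initial), used_(0) {}

  // Reserve n bytes. If the buffer is full this reallocates, and every
  // pointer handed out earlier refers to the freed block.
  uint8_t *make_space(size_t n) {
    if (used_ + n > data_.size()) data_.resize((used_ + n) * 2);
    uint8_t *p = data_.data() + used_;
    used_ += n;
    return p;
  }
  size_t size() const { return used_; }
  uint8_t *data_at(size_t off) { return data_.data() + off; }

  // True if p lies inside the *current* storage (compared as integers, so a
  // dangling pointer is never dereferenced).
  bool contains(const uint8_t *p) const {
    auto lo = reinterpret_cast<uintptr_t>(data_.data());
    auto hi = lo + data_.size();
    auto v = reinterpret_cast<uintptr_t>(p);
    return v >= lo && v < hi;
  }

 private:
  std::vector<uint8_t> data_;
  size_t used_;
};

struct Builder {
  explicit Builder(size_t cap) : buf_(cap) {}

  // EndVector appends the element count; this make_space is the call that
  // can reallocate.
  size_t EndVector(uint32_t len) {
    uint8_t *p = buf_.make_space(sizeof len);
    std::memcpy(p, &len, sizeof len);
    return buf_.size();
  }

  // Before the fix: pointer captured, then EndVector may invalidate it.
  size_t CreateUninitializedVectorBuggy(size_t len, size_t elemsize, uint8_t **buf) {
    *buf = buf_.make_space(len * elemsize);
    return EndVector(static_cast<uint32_t>(len));
  }

  // After the fix: remember the offset, finalize, then resolve the pointer.
  size_t CreateUninitializedVectorFixed(size_t len, size_t elemsize, uint8_t **buf) {
    size_t vec_start = buf_.size();
    buf_.make_space(len * elemsize);
    size_t vec_end = EndVector(static_cast<uint32_t>(len));
    *buf = buf_.data_at(vec_start);
    return vec_end;
  }

  GrowBuffer buf_;
};

// Scenario from the commit message: 128-byte buffer, 128-byte vector, so the
// length prefix forces growth. Returns whether the handed-out pointer still
// points into live storage.
bool BuggyPointerStillValid() {
  Builder b(128);
  uint8_t *buf = nullptr;
  b.CreateUninitializedVectorBuggy(128, 1, &buf);
  return b.buf_.contains(buf);  // false: buf refers to the freed block
}

bool FixedPointerValid() {
  Builder b(128);
  uint8_t *buf = nullptr;
  size_t end = b.CreateUninitializedVectorFixed(128, 1, &buf);
  if (!b.buf_.contains(buf)) return false;
  std::memset(buf, 0, 128);            // safe: resolved after EndVector
  uint32_t len = 0;                    // length prefix sits right after it
  std::memcpy(&len, b.buf_.data_at(128), sizeof len);
  return end == 132 && len == 128;
}

int main() { return (FixedPointerValid() && !BuggyPointerStillValid()) ? 0 : 1; }
```

`contains` deliberately compares addresses rather than dereferencing, so the buggy path can be observed without itself being a use-after-free; under valgrind or ASan the original reproducer is the stronger check.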
@@ -1051,8 +1051,11 @@ FLATBUFFERS_FINAL_CLASS
|
|||||||
uint8_t **buf) {
|
uint8_t **buf) {
|
||||||
NotNested();
|
NotNested();
|
||||||
StartVector(len, elemsize);
|
StartVector(len, elemsize);
|
||||||
*buf = buf_.make_space(len * elemsize);
|
buf_.make_space(len * elemsize);
|
||||||
return EndVector(len);
|
auto vec_start = GetSize();
|
||||||
|
auto vec_end = EndVector(len);
|
||||||
|
*buf = buf_.data_at(vec_start);
|
||||||
|
return vec_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// @brief Specialized version of `CreateVector` for non-copying use cases.
|
/// @brief Specialized version of `CreateVector` for non-copying use cases.
|
||||||
|
|||||||
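Review bot: the new contract is undocumented: after this change `*buf` is only assigned once `EndVector(len)` has run, and the pointer returned by the now-discarded `buf_.make_space(len * elemsize)` must not be retained because `EndVector` can reallocate. The `/// @brief` comment visible at the end of the hunk belongs to the next function, so add a note on `CreateUninitializedVector` saying that `buf` is set after the vector is finalized for that reason. Also check that `GetSize()` and `buf_.data_at(vec_start)` measure the offset from the same end of the buffer, and consider adding the valgrind reproducer from the commit message as a regression test so the ordering cannot silently revert.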