[PATCH] wayland util: Handle malloc failure in wl_array_copy()

[Martin Minarik]

If the malloc in wl_array_add() fails, we are memcpy-ing to bad memory.
This can happen only when copying array to smaller array.
---
 src/wayland-util.c |   11 ++++++++---
 src/wayland-util.h |    2 +-
 tests/array-test.c |    8 ++++++--
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/wayland-util.c b/src/wayland-util.c
index a8c03ad..4e02f95 100644
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -135,12 +135,17 @@ wl_array_add(struct wl_array *array, size_t size)
 	return p;
 }
 
-WL_EXPORT void
+WL_EXPORT int
 wl_array_copy(struct wl_array *array, struct wl_array *source)
 {
-	array->size = 0;
-	wl_array_add(array, source->size);
+	if (source->size > array->size) {
+		if (NULL == wl_array_add(array, source->size - array->size))
+			return -1;
+	} else {
+		array->size = source->size;
+	}
 	memcpy(array->data, source->data, source->size);
+	return 0;
 }
 
 union map_entry {
diff --git a/src/wayland-util.h b/src/wayland-util.h
index b588505..f54077e 100644
--- a/src/wayland-util.h
+++ b/src/wayland-util.h
@@ -165,7 +165,7 @@ struct wl_array {
 void wl_array_init(struct wl_array *array);
 void wl_array_release(struct wl_array *array);
 void *wl_array_add(struct wl_array *array, size_t size);
-void wl_array_copy(struct wl_array *array, struct wl_array *source);
+int wl_array_copy(struct wl_array *array, struct wl_array *source);
 
 typedef int32_t wl_fixed_t;
 
diff --git a/tests/array-test.c b/tests/array-test.c
index 7639878..ff5bb8c 100644
--- a/tests/array-test.c
+++ b/tests/array-test.c
@@ -60,7 +60,9 @@ TEST(array_add)
 
 	/* add some data */
 	for (i = 0; i < iterations; i++) {
-		struct mydata* ptr = wl_array_add(&array, datasize);
+		struct mydata* ptr = NULL;
+		while (ptr == NULL)
+			ptr = wl_array_add(&array, datasize);
 		assert((i + 1) * datasize == array.size);
 
 		ptr->a = i * 3;
@@ -94,7 +96,9 @@ TEST(array_copy)
 
 	/* add some data */
 	for (i = 0; i < iterations; i++) {
-		int *p = wl_array_add(&source, sizeof(int));
+		int *p = NULL;
+		while (p == NULL)
+			p = wl_array_add(&source, sizeof(int));
 		*p = i * 2 + i;
 	}
 
-- 
1.7.0.4