Ticket #1101 (closed bug: fixed)
Potential memory corruption caused by faulty cloning of ResizableFloatArray
| Reported by: | kurahaupo | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | core | Version: | trunk |
| Severity: | high | Keywords: | memory corruption |
| Cc: | | Language: | |
| Patch status: | applied | Platform: | all |
Description
Code inspection revealed that clone sets the resize_threshold not on the new PMC, but on the old one.
The new PMC has only just enough memory to hold the number of elements, yet when resized within the resize_threshold of the original PMC, it could be logically resized without actually reallocating memory. Later updates to elements in the extended range could overwrite unrelated memory.
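The defect described above, modelled in a few lines of C as an added illustration; this is not the project's code. The struct layout, the function names, and the assumption that the clone inherits the original's threshold through a header copy are all hypothetical. The `allocated` field exists only so the broken invariant can be checked without performing an out-of-bounds write.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name except resize_threshold is an assumption. */
typedef struct {
    size_t size;             /* logical element count */
    size_t resize_threshold; /* elements the buffer is believed to hold */
    size_t allocated;        /* ground truth, tracked only for this demo */
    double *data;
} FloatArray;

/* Clone into a buffer of exactly src->size (> 0) elements; fixed == 0 is the defect. */
static FloatArray *fa_clone(FloatArray *src, int fixed) {
    FloatArray *dst = malloc(sizeof *dst);
    if (!dst) return NULL;
    *dst = *src;                         /* header copy inherits src's threshold */
    dst->allocated = src->size;
    dst->data = malloc(src->size * sizeof *dst->data);
    if (!dst->data) { free(dst); return NULL; }
    memcpy(dst->data, src->data, src->size * sizeof *dst->data);
    if (fixed) dst->resize_threshold = src->size;  /* fix: update the new object */
    else       src->resize_threshold = src->size;  /* defect: updates the old one */
    return dst;
}

/* Grow logically while within the threshold, reallocate otherwise. */
static int fa_resize(FloatArray *a, size_t n) {
    if (n > a->resize_threshold) {
        double *p = realloc(a->data, n * sizeof *p);
        if (!p) return -1;
        a->data = p;
        a->resize_threshold = a->allocated = n;
    }
    a->size = n;
    return 0;
}

/* Returns 1 if, after clone + resize to 6, every index below size is backed by memory. */
static int clone_then_grow_is_safe(int fixed) {
    double buf[8] = {0};
    FloatArray src = {4, 8, 8, buf};     /* constructed sample: 4 elements, room for 8 */
    FloatArray *c = fa_clone(&src, fixed);
    if (!c) return -1;
    int ok = fa_resize(c, 6) == 0 && c->size <= c->allocated;
    free(c->data); free(c);
    return ok;
}

int main(void) { return !(clone_then_grow_is_safe(1) == 1 && clone_then_grow_is_safe(0) == 0); }
```

With the faulty clone, the copy reports six elements over a four-element buffer, which is the state in which later element writes land outside the allocation.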