Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug in array_list_del_idx when array_list_length()==1 #408

Closed
smdjeff opened this issue Mar 28, 2018 · 7 comments
Closed

bug in array_list_del_idx when array_list_length()==1 #408

smdjeff opened this issue Mar 28, 2018 · 7 comments

Comments

@smdjeff
Copy link

smdjeff commented Mar 28, 2018
edited

calling array_list_del_idx( arr, i, 1 ) several times.
once array_list_length()==0, from then on array_list_del_idx,free_fn keeps getting called over and over on that same pointer.
@smdjeff
Copy link
Author

smdjeff commented Mar 28, 2018

note that your unit test only tests json_object_array_del_idx where i = 0

@smdjeff smdjeff closed this as completed Mar 29, 2018
@smdjeff smdjeff reopened this Mar 29, 2018
@hawicz
Copy link
Member

hawicz commented Mar 29, 2018

Deleting a non-existent array element is not a valid operation, don't do that. However, let's say you do anyway, the code at https://github.com/json-c/json-c/blob/master/arraylist.c#L139 will prevent the free_fn from being called:

if ( idx >= arr->length || stop > arr->length ) return -1;

How are you actually causing a problem to occur?

@smdjeff
Copy link
Author

smdjeff commented Mar 29, 2018
edited

Sorry. It's when you delete the last element. So len = 1 before and 0 after. Free is called incorrectly.

@smdjeff smdjeff changed the title bug in array_list_del_idx when array_list_length()==0 bug in array_list_del_idx when array_list_length()==1 Mar 29, 2018
@hawicz
Copy link
Member

hawicz commented Mar 29, 2018

how is it called incorrectly? As far as I can tell, it works perfectly fine. e.g.:

#include <stdio.h>
#include "arraylist.h"

void free_func(void *foo)
{
        printf("free called on %p\n", foo);
}
int main()
{
        struct array_list *al;
        al = array_list_new(free_func);
        array_list_add(al, "somedata");
        printf("first call\n");
        array_list_del_idx(al, 0, 1);
        printf("second call\n");
        array_list_del_idx(al, 0, 1);
        printf("third call\n");
        array_list_del_idx(al, 0, 1);
        printf("freeing\n");
        array_list_free(al);
}

Produces:

first call
free called on 0x400957
second call
third call
freeing

Note the lack of calls to free for the second and third call.

@smdjeff
Copy link
Author

smdjeff commented Mar 29, 2018 via email
edited

@hawicz
Copy link
Member

hawicz commented Mar 30, 2018

Closing, since it works fine as far as I can tell. If you have an actual test case that demonstrates the problem, feel free to provide it and reopen.

@hawicz hawicz closed this as completed Mar 30, 2018
@smdjeff
Copy link
Author

smdjeff commented Apr 3, 2018
edited

Was using an old revision, I believe this was corrected in #332

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hawicz @smdjeff