From: mquinson <mquinson@48e7efb5-ca39-0410-a469-dd3cf9ba447f>
Date: Thu, 6 Jul 2006 01:48:07 +0000 (+0000)
Subject: Fix a stack corruption when xbt_dynar_remove_at was used with object larger than... 
X-Git-Tag: v3.3~2869
X-Git-Url: http://info.iut-bm.univ-fcomte.fr/pub/gitweb/simgrid.git/commitdiff_plain/ce0eed6c0ae76da99731d8cbc85a45103b3c741d?ds=sidebyside

Fix a stack corruption when xbt_dynar_remove_at was used with object larger than 8bytes. It was the case in gras_procdata_exit: we had a by 4 overflow. This leaded to segfault when using optimization on gcc 4.x since %ebx is stored right after our data in that case. YEAH, it works on gcc 4.x now. I would never have found this without Vince, thanks so much


git-svn-id: svn+ssh://scm.gforge.inria.fr/svn/simgrid/simgrid/trunk@2489 48e7efb5-ca39-0410-a469-dd3cf9ba447f
---

diff --git a/src/xbt/dynar.c b/src/xbt/dynar.c
index 923b90ebbe..eeb022eaf1 100644
--- a/src/xbt/dynar.c
+++ b/src/xbt/dynar.c
@@ -374,9 +374,16 @@ xbt_dynar_remove_at(xbt_dynar_t  const dynar,
   if (object) {
     _xbt_dynar_get_elm(object, dynar, idx);
   } else if (dynar->free_f) {
-    char elm[SIZEOF_MAX];
-    _xbt_dynar_get_elm(elm, dynar, idx);
-    (*dynar->free_f)(elm);
+    if (dynar->elmsize <= SIZEOF_MAX) {
+       char elm[SIZEOF_MAX];
+       _xbt_dynar_get_elm(elm, dynar, idx);
+       (*dynar->free_f)(elm);
+    } else {
+       char *elm=malloc(dynar->elmsize);
+       _xbt_dynar_get_elm(elm, dynar, idx);
+       (*dynar->free_f)(elm);
+       free(elm);
+    }
   }
 
   nb_shift =  dynar->used-1 - idx;