memory corruption fixed 41/19241/2
Cedric Delamarre [Fri, 31 Mar 2017 16:48:46 +0000 (18:48 +0200)]
fix trouble after https://codereview.scilab.org/#/c/19218/

a(1) = {1} //crash

Change-Id: I0678dd76102221f84bb3c0dddea848ec8e63c7e4

scilab/modules/ast/src/cpp/types/arrayof.cpp
scilab/modules/ast/src/cpp/types/cell.cpp

index 4f5bada..a6a1df5 100644 (file)
@@ -161,7 +161,7 @@ ArrayOf<T>* ArrayOf<T>::insert(typed_list* _pArgs, InternalType* _pSource)
                             status = false;
                             break;
                         }
-                        
+
                         m_pRealData[i] = *pRealData;
                         ++pRealData;
                     }
@@ -1641,16 +1641,12 @@ ArrayOf<T>* ArrayOf<T>::resize(int* _piDims, int _iDims)
                 int iNewIdx = getIndexWithDims(piIndexes, _piDims, _iDims);
                 pRealData[iNewIdx] = m_pRealData[i];
                 m_pRealData[i] = NULL;
+                T pTemp = getNullValue();
                 for (int j = iPreviousNewIdx; j < iNewIdx; ++j)
                 {
-                    T pTemp = getNullValue();
-                    T pTemp2 = copyValue(pTemp);
-                    pRealData[j] = pTemp2;
-                    if (pTemp != pTemp2)
-                    {
-                        deleteData(pTemp);
-                    }
+                    pRealData[j] = copyValue(pTemp);
                 }
+                deleteData(pTemp);
 
                 iPreviousNewIdx = iNewIdx + 1;
             }
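Review bot: The unconditional `deleteData(pTemp);` after the fill loop drops the old `pTemp != pTemp2` guard, so it is only safe if every `copyValue` specialization either returns a distinct object or takes a reference on the one it hands back. Neither `copyValue` nor the generic `deleteData` is visible in this hunk, so that needs confirming for each pointer-valued `T`; if one returns `pTemp` itself without a reference, the slots just written to `pRealData[j]` would point at freed memory. I would state the invariant next to the call, e.g. `// safe: copyValue() never returns pTemp without taking a reference`. The same pattern is in the next resize hunk (`pRealData[i] = copyValue(pTemp);` followed by `deleteData(pTemp);`), and resize's body starts and ends outside both hunks.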
@@ -1676,16 +1672,12 @@ ArrayOf<T>* ArrayOf<T>::resize(int* _piDims, int _iDims)
             //}
 
             //fill exceeded with NullValue
+            T pTemp = getNullValue();
             for (int i = iPreviousNewIdx; i < m_iSizeMax; ++i)
             {
-                T pTemp = getNullValue();
-                T pTemp2 = copyValue(pTemp);
-                pRealData[i] = pTemp2;
-                if (pTemp != pTemp2)
-                {
-                    deleteData(pTemp);
-                }
+                pRealData[i] = copyValue(pTemp);
             }
+            deleteData(pTemp);
 
             delete[] piIndexes;
             //delete all array
index ed76a6b..fbbf614 100644 (file)
@@ -54,19 +54,24 @@ void Cell::createCell(int _iDims, const int* _piDims, InternalType** data)
 {
     InternalType** pIT = NULL;
     create(_piDims, _iDims, &pIT, NULL);
-    for (int i = 0; i < m_iSizeMax; i++)
+    if (data == nullptr)
     {
-        if (data == nullptr)
+        types::Double* pDbl = Double::Empty();
+        for (int i = 0; i < m_iSizeMax; i++)
         {
-            m_pRealData[i] = Double::Empty();
+            m_pRealData[i] = pDbl;
+            m_pRealData[i]->IncreaseRef();
         }
-        else
+    }
+    else
+    {
+        for (int i = 0; i < m_iSizeMax; i++)
         {
             m_pRealData[i] = data[i];
+            m_pRealData[i]->IncreaseRef();
         }
-
-        m_pRealData[i]->IncreaseRef();
     }
+
 #ifndef NDEBUG
     Inspector::addItem(this);
 #endif
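Review bot: In the `data == nullptr` branch, `Double::Empty()` is allocated before the loop, so when `m_iSizeMax` is 0 (an empty cell, if `create` permits it) the object is never referenced and nothing releases it. Allocating it under an `if (m_iSizeMax > 0)` guard, or calling `pDbl->killMe();` after the loop, would cover that case, assuming `killMe` frees only unreferenced objects as its use in `Cell::deleteData` suggests. Every slot now aliases one shared `Double`, so a comment such as `// all slots share one empty Double; its ref count equals m_iSizeMax` would make that explicit for anyone who later modifies a slot in place. createCell's closing lines are outside the hunk.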
@@ -494,7 +499,6 @@ void Cell::deleteData(InternalType* _pData)
 {
     if (_pData)
     {
-        _pData->DecreaseRef();
         _pData->killMe();
     }
 }
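Review bot: With `_pData->DecreaseRef();` removed, `Cell::deleteData` no longer releases a reference and only calls `killMe()`, so its contract has changed without any comment saying so. Any caller that still relies on it to drop the reference taken by `IncreaseRef()` (as in `createCell`) would leave the count elevated and, presumably, the element would never be freed; the callers are not visible here, so each one needs checking. I would document the new contract above the function, e.g. `// Frees _pData only if it is unreferenced; callers must DecreaseRef() themselves.`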