authorMike Frysinger <vapier@gentoo.org>2015-11-26 03:41:47 -0500
committerMike Frysinger <vapier@gentoo.org>2015-11-26 03:41:47 -0500
commit335e3c30ebd98959a53c22b12b17f907d7def48c (patch)
tree45abaff97416280ba95a9fed86ca30ecfedc42eb
parentsecurity: whitelist the getcwd syscall (diff)
xarray: move ele update to after bounds check
Even though we don't use the loaded ele value until after we check the bounds of the counter, it makes ASAN unhappy, and might cause a load of invalid memory. URL: https://bugs.gentoo.org/553368 Reported-by: Hanno Boeck <hanno@gentoo.org>
-rw-r--r--xfuncs.h8
1 files changed, 6 insertions, 2 deletions
diff --git a/xfuncs.h b/xfuncs.h
index 82f5da0..61577ec 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -27,10 +27,14 @@ void xarraypush(array_t *array, const void *ele, size_t ele_len);
#define xarraypush_str(arr, ele) xarraypush(arr, ele, strlen(ele) + 1 /*NUL*/)
void xarrayfree(array_t *array);
#define xrealloc_array(ptr, size, ele_size) xrealloc(ptr, (size) * (ele_size))
+/* The assignment after the check is unfortunate as we do a non-NULL check (we
+ * already do not permit pushing of NULL pointers), but we can't put it in the
+ * increment phase as that will cause a load beyond the bounds of valid memory.
+ */
#define array_for_each(arr, n, ele) \
for (n = 0, ele = array_cnt(arr) ? arr->eles[n] : NULL; \
- n < array_cnt(arr); \
- ele = arr->eles[++n])
+ n < array_cnt(arr) && (ele = arr->eles[n]); \
+ ++n)
#define array_init_decl { .eles = NULL, .num = 0, }
#define array_cnt(arr) (arr)->num
char *array_flatten_str(array_t *array);
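Review bot: The new loop condition `n < array_cnt(arr) && (ele = arr->eles[n])` also ends the iteration at the first NULL element, so the out-of-bounds fix now relies on the invariant that xarraypush never stores NULL, which the added comment states but this hunk does not show being enforced. A comma expression keeps the load behind the bounds check without testing the loaded value: `n < array_cnt(arr) && ((ele = (arr)->eles[n]), 1); \`. With the assignment in the condition, the load in the init clause appears redundant and could be reduced to `n = 0, ele = NULL`. The macro body should also parenthesize `arr` (`(arr)->eles[n]`) as `array_cnt` already does, since `arr` is expanded several times and an expression argument would otherwise bind incorrectly.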