util: always check result of wl_array_add()

Not checking the result of wl_array_add() can cause writes past the end of the
allocated buffer if realloc fails.

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>

diff --git a/src/wayland-util.c b/src/wayland-util.c
index c89a67b..68116bf 100644 (file)
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -241,8 +241,10 @@ wl_map_insert_at(struct wl_map *map, uint32_t flags, uint32_t i, void *data)
        if (count < i)
                return -1;
 
-       if (count == i)
-               wl_array_add(entries, sizeof *start);
+       if (count == i) {
+               if (!wl_array_add(entries, sizeof *start))
+                       return -1;
+       }
 
        start = entries->data;
        start[i].data = data;
@@ -277,7 +279,9 @@ wl_map_reserve_new(struct wl_map *map, uint32_t i)
                return -1;
 
        if (count == i) {
-               wl_array_add(entries, sizeof *start);
+               if (!wl_array_add(entries, sizeof *start))
+                       return -1;
+
                start = entries->data;
                start[i].data = NULL;
        } else {