Bugs in sio2ResourceDel

I just looked at sio2ResourceDel and it appears to me that it's buggy. For all types, it looks like

Code:

unsigned int i = 0;
while( i != _SIO2resource->n_image )
{
   if( _ptr == _SIO2resource->_SIO2image[ i ] )
   {

Next, you're moving the entries of all following resources to the position of the deleted resource.

Code:

      memcpy( &_SIO2resource->_SIO2image[ i ],
            &_SIO2resource->_SIO2image[ i + 1 ],
            (_SIO2resource->n_image - i ) * sizeof( void * ) );

First, you're accessing memory at index i+1 which is unallocated in case of the last element, i.e. i == _SIOresource->n_image-1. Copying should only take place if i < n_image-1.
Second, if i is e.g. 8 and the number of objects is 12, then the expression "_SIO2resource->n_object - i" gives 4, but in fact you only want to copy 3 elements (index 9, 10, 11 (which is the 12th element)).

Bear with me if I'm on the wrong track, it's late here.

Best,
Matt

Dude you are totally right...

That code should fix the problem:

Code:



         while( i != _SIO2resource->n_image )
         {
            if( _ptr == _SIO2resource->_SIO2image[ i ] )
            {
               --_SIO2resource->n_image;
                           
               if( i < _SIO2resource->n_image )
               {
                  memcpy( &_SIO2resource->_SIO2image[ i ],
                        &_SIO2resource->_SIO2image[ i + 1 ],
                        (_SIO2resource->n_image - i ) * sizeof( void * ) );
               }

               _SIO2resource->_SIO2image = ( void ** ) realloc( _SIO2resource->_SIO2image,
                                           _SIO2resource->n_image * sizeof( void * ) );
               break;
            }