From df8c663a04bb10c3af0b56404ea0f57445e7f656 Mon Sep 17 00:00:00 2001
From: Damien Grassart <damien@grassart.com>
Date: Tue, 29 Aug 2017 12:08:42 +0200
Subject: [PATCH 1/1] darray: Fix bug in the darray_remove() macro

The memmove() call should be using the index argument to determine the
number of bytes to copy. To be consistent with the rest of the code,
we should also not evaluate the index parameter multiple
times. Calling this with rand() % arr.size would otherwise generally
segfault.

Finally, we want to avoid using "index" as an identifier so as to not
shadow index(3) in the C library.

Signed-off-by: Damien Grassart <damien@grassart.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 ccan/darray/darray.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ccan/darray/darray.h b/ccan/darray/darray.h
index 82726c05..58470fde 100644
--- a/ccan/darray/darray.h
+++ b/ccan/darray/darray.h
@@ -170,8 +170,8 @@ typedef darray(unsigned long)  darray_ulong;
 		memmove((arr).item+1, (arr).item, ((arr).size-1)*sizeof(*(arr).item)); \
 		(arr).item[0] = (__VA_ARGS__); \
 	} while(0)
-#define darray_insert(arr, index, ...) do { \
-		size_t index_ = index; \
+#define darray_insert(arr, i, ...) do { \
+		size_t index_ = (i); \
 		darray_resize(arr, (arr).size+1); \
 		memmove((arr).item+index_+1, (arr).item+index_, ((arr).size-index_-1)*sizeof(*(arr).item)); \
 		(arr).item[index_] = (__VA_ARGS__); \
@@ -230,9 +230,10 @@ typedef darray(unsigned long)  darray_ulong;
 #define darray_pop(arr) ((arr).item[--(arr).size])
 #define darray_pop_check(arr) ((arr).size ? darray_pop(arr) : NULL)
 /* Warning, slow: Requires copying all elements after removed item. */
-#define darray_remove(arr, index) do { \
-	if (index < arr.size-1)    \
-		memmove(&(arr).item[index], &(arr).item[index+1], ((arr).size-1-i)*sizeof(*(arr).item)); \
+#define darray_remove(arr, i) do { \
+	size_t index_ = (i); \
+	if (index_ < arr.size-1)    \
+		memmove(&(arr).item[index_], &(arr).item[index_+1], ((arr).size-1-index_)*sizeof(*(arr).item)); \
 	(arr).size--;  \
 	} while(0)
 
-- 
2.39.2