fix memory corruption in gp_log_remove_func

The gp_log_remove_func implementation had 2 severe issues: * it moved way to few bytes * it moved the wrong bytes to the wrong place, destroying libc memory management structures (resulting in different types of crashes). When the first item has to be removed, it moved a couple bytes from the start of the array to the left (before the start of the array), instead of moving the second and following items over the first one.
timelapseplus · Jun 2, 2017 · db56a3b · db56a3b
1 parent 8b14ec1
commit db56a3b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c b/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c
@@ -141,7 +141,7 @@ gp_log_remove_func (int id)
 
 	for (i=0;i<log_funcs_count;i++) {
 		if (log_funcs[i].id == id) {
-			memmove (log_funcs + i - 1, log_funcs + i, log_funcs_count - i);
+			memmove (log_funcs + i, log_funcs + i + 1, sizeof(LogFunc) * (log_funcs_count - i - 1));
 			log_funcs_count--;
 			return GP_OK;
 		}