[Click] Repeated calls to Vector::operator= with an empty vector crash the router

Mathias Kurth kurth at informatik.hu-berlin.de
Wed Sep 27 06:59:30 EDT 2006


Hi,

 

There is a bug in the vector code which crashes the router if you call
the assignment operator several times with an empty vector as argument.
Consider the following example. The empty vector w is assigned 10000
times to v. 

 

  Vector<int> v, w;
  for (int i = 0; i < 10000; i++)
  {
    v = w;
  }

 

On execution the application crashes. The reason is that operator= calls
the method reserve with argument want = 0, since the size of vector w is
0. It seems that want = 0 is a special case for reserve. It increases
its capacity by a factor of 2. This is repeated several times until there is
no memory left and the new operator throws an exception. With DEQueue
the situation is different. It uses want = -1 as a special case instead of
0.

Checking the size of the given vector in Vector::operator= fixes the
problem:

  

  Vector<T>::operator=(const Vector<T> &o)

  {

    if (&o != this) {

      for (size_type i = 0; i < _n; i++)

        _l[i].~T();

      _n = 0;

-     if (reserve(o._n)) {

+     if (o._n && reserve(o._n)) {

        _n = o._n;

        for (size_type i = 0; i < _n; i++)

          new(velt(i)) T(o._l[i]);

      }

    }

    return *this;

  }
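
Review bot: the `o._n &&` guard on the changed line fixes only this one caller; any other call site that passes 0 to reserve() would still take the grow path and double the capacity. Consider removing the overloaded meaning of 0 inside reserve() instead (a separate sentinel, as the message says DEQueue does with -1), so that reserve(0) becomes a no-op. If the guard stays, add a short comment on that line saying that 0 is reserve()'s grow request, otherwise the check looks redundant to a later reader.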

 

Kind regards,

Mathias
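
As an added illustration (not part of the original message and not Click's source), the following model follows the post's description of reserve, where want = 0 doubles the capacity, and reports the iteration at which allocation would fail with and without the posted guard. The starting capacity of 4, the 4-byte element size and the memory budget are assumptions; only the capacity bookkeeping is modelled, no storage is allocated.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model of the behaviour described in the post; not Click's code.
// All names here are hypothetical. Only capacity bookkeeping is modelled.
struct ModelVector {
    uint64_t n;            // element count (_n in the post)
    uint64_t capacity;     // allocated slots
    uint64_t limit_bytes;  // constructed memory budget standing in for the heap
    uint64_t elt_size;     // assumed element size in bytes

    // want == 0 is the "grow" request: double the capacity (assumed start: 4).
    bool reserve(uint64_t want) {
        if (want == 0)
            want = capacity ? capacity * 2 : 4;
        if (want <= capacity)
            return true;
        if (want * elt_size > limit_bytes)
            return false;  // where operator new would throw in the real code
        capacity = want;
        return true;
    }

    // guarded == false: operator= as reported; guarded == true: the posted fix.
    bool assign(const ModelVector &o, bool guarded) {
        n = 0;
        if (guarded && o.n == 0)
            return true;   // corresponds to "o._n && reserve(o._n)"
        if (!reserve(o.n))
            return false;
        n = o.n;
        return true;
    }
};

// Returns the 1-based iteration at which allocation fails, or 0 if none fails.
int first_failure(int iterations, bool guarded, uint64_t limit_bytes) {
    ModelVector v = {0, 0, limit_bytes, 4}, w = {0, 0, limit_bytes, 4};
    for (int i = 1; i <= iterations; i++)
        if (!v.assign(w, guarded))
            return i;
    return 0;
}

int main() {
    const uint64_t one_gib = 1ULL << 30;  // constructed budget
    std::printf("unguarded: %d\n", first_failure(10000, false, one_gib));
    std::printf("guarded:   %d\n", first_failure(10000, true, one_gib));
}
```

Because the capacity doubles on every empty assignment, the unguarded loop exhausts the budget after a few dozen iterations rather than thousands.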

 


