fix memory corruption in gp_log_remove_func

The gp_log_remove_func implementation had 2 severe issues: * it moved way to few bytes * it moved the wrong bytes to the wrong place, destroying libc memory management structures (resulting in different types of crashes). When the first item has to be removed, it moved a couple bytes from the start of the array to the left (before the start of the array), instead of moving the second and following items over the first one.
author: Axel Waggershauser <awagger@gmail.com> 2017-06-02 17:02:25 +0200
committer: Axel Waggershauser <awagger@gmail.com> 2017-06-02 17:02:25 +0200
commit: db56a3b4fd4c10f645b77c759e779efb3468e820 (patch)
tree: b66373db3f92d907f2da54b9375d18ab42e53c11 /libgphoto2_port/libgphoto2_port
parent: 8b14ec11cadac05b93f344cccfcefe1fb82996e6 (diff)
download: libgphoto2-db56a3b4fd4c10f645b77c759e779efb3468e820.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c b/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c
index cc03bef65..cf9dce38c 100644
--- a/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c
+++ b/libgphoto2_port/libgphoto2_port/gphoto2-port-log.c
@@ -141,7 +141,7 @@ gp_log_remove_func (int id)
 
 	for (i=0;i<log_funcs_count;i++) {
 		if (log_funcs[i].id == id) {
-			memmove (log_funcs + i - 1, log_funcs + i, log_funcs_count - i);
+			memmove (log_funcs + i, log_funcs + i + 1, sizeof(LogFunc) * (log_funcs_count - i - 1));
 			log_funcs_count--;
 			return GP_OK;
 		}
author	Axel Waggershauser <awagger@gmail.com>	2017-06-02 17:02:25 +0200
committer	Axel Waggershauser <awagger@gmail.com>	2017-06-02 17:02:25 +0200
commit	db56a3b4fd4c10f645b77c759e779efb3468e820 (patch)
tree	b66373db3f92d907f2da54b9375d18ab42e53c11 /libgphoto2_port/libgphoto2_port
parent	8b14ec11cadac05b93f344cccfcefe1fb82996e6 (diff)
download	libgphoto2-db56a3b4fd4c10f645b77c759e779efb3468e820.tar.gz