From 672c5cee79eb412025c3dd8b034e611c1f119055 Mon Sep 17 00:00:00 2001
From: Samuel Vasko
Date: Mon, 10 Feb 2020 17:55:59 +0000
Subject: [PATCH] Refactor symbol map freeing to avoid UB

Removes a undefined behaviour (uint underflow) happening when freeing a value. Fortunately this undefined behaviour has no effect on the program. It only manifests itself when cmocka is compiled using clangs undefined behaviour sanitizer.

Reviewed-by: Andreas Schneider
---
 src/cmocka.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/cmocka.c b/src/cmocka.c
index 32f7360..4b88026 100644
--- a/src/cmocka.c
+++ b/src/cmocka.c
@@ -722,9 +722,16 @@ static void free_symbol_map_value(const void *value,
     SymbolMapValue * const map_value = (SymbolMapValue*)value;
     const LargestIntegralType children = cast_ptr_to_largest_integral_type(
         cleanup_value_data);
     assert_non_null(value);
-    list_free(&map_value->symbol_values_list_head,
-              children ? free_symbol_map_value : free_value,
-              (void *) ((uintptr_t)children - 1));
+    if (children == 0) {
+        list_free(&map_value->symbol_values_list_head,
+                  free_value,
+                  NULL);
+    } else {
+        list_free(&map_value->symbol_values_list_head,
+                  free_symbol_map_value,
+                  (void *)((uintptr_t)children - 1));
+    }
+
     free(map_value);
 }
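Review bot: The subject and description call the `(uintptr_t)children - 1` wrap undefined behaviour, but unsigned wraparound is defined in C11 (6.2.5p9); what fires is clang's `-fsanitize=unsigned-integer-overflow`, which reports defined-but-suspicious wraps, so the new branch is a sanitizer-cleanliness and readability change rather than a UB fix, and the commit text should say so. The else branch still performs the same subtraction with nothing saying why it cannot wrap there; the `children == 0` guard just above is what guarantees it, and the encoding of the nesting depth in the cleanup pointer is only implied by the recursive call. I would add above the `if`: `/* cleanup_value_data carries the remaining nesting depth: 0 means the list holds plain values (free_value); otherwise each entry is a nested symbol map, freed recursively with depth - 1. */`. The two list_free calls differ only in their last two arguments, so hoisting the list head into a local would shorten both branches, though that is a matter of taste. free_symbol_map_value's signature begins before the hunk, so its second parameter (cleanup_value_data) is not visible here.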