In zbar/processor/posix.h, function remove_poll, sizeof(poll_handler_t) is used:
This isn't actually valid according to the C standard, but unfortunately accepted by GCC. But sizeof(poll_handler_t) will be 1, whereas here it is expected to be the size of a function pointer. Thus memmove will shift the data only by 1 byte, causing memory corruption.
The (trivial) fix is to use sizeof(poll_handler_t*) instead.
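
The effect described above, as an added example that is not taken from the report or from zbar's source: handler_fn, remove_slot and tail_intact are hypothetical names, with handler_fn standing in for a function-type typedef like poll_handler_t. The element size is passed in as a parameter so the block compiles without relying on the GCC extension; 1 is the value the report says GCC yields for sizeof on the function type.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A function type, not a pointer type (assumption: models the typedef
 * described in the report). */
typedef int (handler_fn)(int fd);

/* Constructed sample handlers with distinct bodies and addresses. */
static int h0(int fd) { return fd; }
static int h1(int fd) { return fd + 1; }
static int h2(int fd) { return fd + 2; }
static int h3(int fd) { return fd + 3; }

/* Remove slot idx from an array of num handler pointers by shifting the
 * tail down. elem_size is the per-element byte count given to memmove. */
static void remove_slot(handler_fn **handlers, size_t num, size_t idx,
                        size_t elem_size)
{
    if (idx + 1 < num) {
        size_t n = num - idx - 1;
        memmove(&handlers[idx], &handlers[idx + 1], n * elem_size);
    }
}

/* Remove slot 0 from {h0,h1,h2,h3} and report whether the first three
 * slots now hold exactly {h1,h2,h3}. Returns 1 if so, 0 otherwise. */
static int tail_intact(size_t elem_size)
{
    handler_fn *handlers[4] = { h0, h1, h2, h3 };
    handler_fn *expected[3] = { h1, h2, h3 };

    remove_slot(handlers, 4, 0, elem_size);
    return memcmp(handlers, expected, sizeof expected) == 0;
}

int main(void)
{
    /* Size 1: only 3 bytes move, so slot 0 becomes a mix of two pointers
     * and slots 1..2 are never shifted. */
    printf("elem_size 1:                    intact=%d\n", tail_intact(1));
    printf("elem_size sizeof(handler_fn *): intact=%d\n",
           tail_intact(sizeof(handler_fn *)));
    return 0;
}
```

GCC's -Wpointer-arith warning flags sizeof applied to a function type, which catches this class of mistake at compile time.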