From ecdfb8e9a488afb4a28b8618ca42913574e5b642 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Fri, 30 Jan 2026 09:57:36 +0100
Subject: [PATCH] util: assert alloc is consistent with data in wl_array_add()

struct wl_array may be constructed by users manually from a
foreign data pointer:

    uint32_t states[] = {1, 2, 3};
    struct wl_array arr = {
        .data = states,
        .size = sizeof(states) / sizeof(states[0]),
    };

This is useful to avoid the need to allocate when sending Wayland
messages.

Users need to be careful not to use wl_array_add() on such arrays:
the function will misbehave by leaving garbage at the start of the
new buffer when reallocating.

Add an assert to guard against wl_array_add() calls in this
situation, to have a clear crash instead of undefined behavior.

Signed-off-by: Simon Ser <contact@emersion.fr>
---
 src/wayland-util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/wayland-util.c b/src/wayland-util.c
index 7231346b..6936dad5 100644
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -24,6 +24,7 @@
  * SOFTWARE.
  */
 
+#include <assert.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -121,6 +122,8 @@ wl_array_add(struct wl_array *array, size_t size)
 		alloc *= 2;
 
 	if (array->alloc < alloc) {
+		assert(array->alloc > 0 || array->data == NULL);
+
 		if (array->alloc > 0)
 			data = realloc(array->data, alloc);
 		else