From fe3a02c18a897c7cd89d50c1300305ffb7f55d86 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Fri, 30 Jan 2026 09:57:36 +0100
Subject: [PATCH] util: assert alloc is consistent with data in wl_array_add()

struct wl_array may be constructed by users manually from a
foreign data pointer:

    uint32_t states[] = {1, 2, 3};
    struct wl_array arr = {
        .data = states,
        .size = sizeof(states) / sizeof(states[0]),
    };

This is useful to avoid the need to allocate when sending Wayland
messages.

Users need to be careful not to use wl_array_add() on such arrays:
the function will misbehave by leaving garbage at the start of the
new buffer when reallocating.

Add an assert to guard against wl_array_add() calls in this
situation, to have a clear crash instead of undefined behavior.

Signed-off-by: Simon Ser <contact@emersion.fr>
---
 src/wayland-util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/wayland-util.c b/src/wayland-util.c
index 7231346b..f5518676 100644
--- a/src/wayland-util.c
+++ b/src/wayland-util.c
@@ -121,6 +121,9 @@ wl_array_add(struct wl_array *array, size_t size)
 		alloc *= 2;
 
 	if (array->alloc < alloc) {
+		if (array->alloc == 0 && array->data != NULL)
+			wl_abort("data is non-NULL with zero alloc");
+
 		if (array->alloc > 0)
 			data = realloc(array->data, alloc);
 		else