From 0f686e82a37e49af6caee2d469f2a2a88e1fbf7c Mon Sep 17 00:00:00 2001
From: Qi Wang
Date: Thu, 13 Feb 2020 20:04:22 -0800
Subject: [PATCH] Avoid variable length array with length 0.
---
 src/tcache.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/tcache.c b/src/tcache.c
index 27ac5c2b..e8a4cc5f 100644
--- a/src/tcache.c
+++ b/src/tcache.c
@@ -149,7 +149,8 @@ tcache_bin_flush_small(tsd_t *tsd, tcache_t *tcache, cache_bin_t *tbin,
 arena_t *arena = tcache->arena;
 assert(arena != NULL);
 unsigned nflush = ncached - rem;
- VARIABLE_ARRAY(edata_t *, item_edata, nflush);
+ /* Variable length array must have > 0 length. */
+ VARIABLE_ARRAY(edata_t *, item_edata, nflush + 1);
 void **bottom_item = cache_bin_bottom_item_get(tbin, binind);
 tsdn_t *tsdn = tsd_tsdn(tsd);
@@ -250,7 +251,8 @@ tcache_bin_flush_large(tsd_t *tsd, tcache_t *tcache, cache_bin_t *tbin, szind_t
 arena_t *tcache_arena = tcache->arena;
 assert(tcache_arena != NULL);
 unsigned nflush = ncached - rem;
- VARIABLE_ARRAY(edata_t *, item_edata, nflush);
+ /* Variable length array must have > 0 length. */
+ VARIABLE_ARRAY(edata_t *, item_edata, nflush + 1);
 void **bottom_item = cache_bin_bottom_item_get(tbin, binind);
 #ifndef JEMALLOC_EXTRA_SIZE_CHECK
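Review bot: The length passed to `VARIABLE_ARRAY(edata_t *, item_edata, nflush + 1)` still comes from the unchecked unsigned subtraction `unsigned nflush = ncached - rem;` one line above, in both tcache_bin_flush_small and tcache_bin_flush_large. If `rem` could ever exceed `ncached`, `nflush` wraps to a very large value and the stack array is sized from it, and at the maximum value `nflush + 1` wraps back to 0, the case this patch is meant to remove. No guard is visible in either hunk, though one may exist earlier, since both function bodies start and end outside the hunks. If it is not already there, I would add something like `assert(rem <= ncached);` ahead of the subtraction. I would also extend the comment to say the extra slot is padding only, e.g. `/* A zero-length VLA is undefined behavior; slot [nflush] is never used. */`, so later loops keep bounding on `nflush` rather than on the array size.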