bug-hurd

[PATCH 4/5] libports: avoid realloc(3) corner case


From: Justus Winter
Subject: [PATCH 4/5] libports: avoid realloc(3) corner case
Date: Mon, 16 Jun 2014 19:49:28 +0200

If the size argument is 0, realloc may either return NULL, or return a
pointer that is only valid for use with free(3).  In either case, the
memory is freed.  So if realloc would return NULL (it does not on
GNU), the current code would double free p.

Found using the Clang Static Analyzer.

* libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
calling realloc if no ports were matched.
---
 libports/bucket-iterate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c
index babc204..2d1b00d 100644
--- a/libports/bucket-iterate.c
+++ b/libports/bucket-iterate.c
@@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket,
     }
   pthread_mutex_unlock (&_ports_lock);
 
-  if (n != nr_items)
+  if (n != 0 && n != nr_items)
     {
       /* We allocated too much.  Release unused memory.  */
       void **new = realloc (p, n * sizeof *p);
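
Review bot: The new `n != 0` guard on the `if` leaves p at its full nr_items allocation when no ports matched, and nothing in this hunk shows what happens to that buffer afterwards. Please confirm that the code following this block frees p on the n == 0 path, or free it explicitly at this point, so that the fix for the double free does not turn into a leak. The comment inside the block still only says "We allocated too much"; a short note beside the condition that realloc with size 0 may free p and return NULL would keep a later cleanup from dropping the guard.
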
-- 
2.0.0



