bug-hurd

Re: [PATCH 4/5] libports: avoid realloc(3) corner case


From: Samuel Thibault
Subject: Re: [PATCH 4/5] libports: avoid realloc(3) corner case
Date: Wed, 18 Jun 2014 00:37:00 +0200
User-agent: Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30)

Justus Winter, on Mon 16 Jun 2014 19:49:28 +0200, wrote:
> If the size argument is 0, realloc may either return NULL, or return a
> pointer that is only valid for use with free(3).  In either case, the
> memory is freed.  So if realloc would return NULL (it does not on
> GNU), the current code would double free p.
> 
> Found using the Clang Static Analyzer.
> 
> * libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
> calling realloc if no ports were matched.

Ack.

> ---
>  libports/bucket-iterate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c
> index babc204..2d1b00d 100644
> --- a/libports/bucket-iterate.c
> +++ b/libports/bucket-iterate.c
> @@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket,
>      }
>    pthread_mutex_unlock (&_ports_lock);
>  
> -  if (n != nr_items)
> +  if (n != 0 && n != nr_items)
>      {
>        /* We allocated too much.  Release unused memory.  */
>        void **new = realloc (p, n * sizeof *p);
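
Review bot: at the changed condition `if (n != 0 && n != nr_items)`, the reason for the `n != 0` test is not recorded in the code, and the existing comment ("We allocated too much.  Release unused memory.") now reads as if every over-allocation were trimmed. Add a short comment saying that realloc with size 0 may free p and return NULL, so the zero-match case is skipped on purpose. With n == 0 the full nr_items-sized buffer also stays allocated; the visible lines do not show what happens to p afterwards, so confirm that path frees p or hands it to a caller that does.
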
> -- 
> 2.0.0
> 

-- 
Samuel
As usual, this being a 1.3.x release, I haven't even compiled this
kernel yet.  So if it works, you should be doubly impressed.
(Linus Torvalds, announcing kernel 1.3.3 on the linux-kernel mailing list.)
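
The corner case from the commit message, as an added example that is not part of the original mail or the Hurd sources. `release`, `model_realloc` and `shrink` are hypothetical names; `model_realloc` is a constructed stand-in for a realloc(3) that returns NULL for size 0, and the error path that frees `p` when realloc returns NULL is an assumption, since the hunk does not show it.

```c
#include <stdio.h>
#include <stdlib.h>

static int releases;  /* times the buffer was handed back to the allocator */

/* Count every release, but perform only the first one for real, so the
   demonstration records a double free without corrupting the heap. */
static void release(void *p) {
    if (++releases == 1)
        free(p);
}

/* Constructed model of a realloc(3) that takes the "return NULL" option
   for size 0: the block is freed and NULL comes back. */
static void *model_realloc(void *p, size_t size) {
    if (size == 0) {
        release(p);
        return NULL;
    }
    return realloc(p, size);
}

/* Allocate nr_items slots, keep n of them, then release the buffer.
   guard == 0 uses the pre-patch condition, guard == 1 the patched one.
   Returns how often the buffer was released (1 is correct), or -1 if the
   initial allocation fails. */
static int shrink(size_t nr_items, size_t n, int guard) {
    void **p = malloc(nr_items * sizeof *p);
    if (p == NULL)
        return -1;
    releases = 0;
    if ((!guard || n != 0) && n != nr_items) {
        void **new = model_realloc(p, n * sizeof *p);
        if (new == NULL) {
            release(p);  /* assumed error path: NULL is read as ENOMEM */
            return releases;
        }
        p = new;
    }
    release(p);  /* the caller is done with the array */
    return releases;
}

int main(void) {
    printf("pre-patch, n=0: %d release(s)\n", shrink(8, 0, 0));
    printf("patched,   n=0: %d release(s)\n", shrink(8, 0, 1));
    printf("patched,   n=3: %d release(s)\n", shrink(8, 3, 1));
    return 0;
}
```

A count of 2 marks the path where the size-0 realloc has already freed the block and the NULL check frees it again.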


