diff options
author | Justus Winter <4winter@informatik.uni-hamburg.de> | 2014-06-16 17:34:22 +0200 |
---|---|---|
committer | Justus Winter <4winter@informatik.uni-hamburg.de> | 2014-06-18 15:57:00 +0200 |
commit | 8821d8a213008eb723414c6c70de384830ea10d7 (patch) | |
tree | 82875946d15768a8249ba5db517322c671ad67de | |
parent | 470972f3f854e92ee1cc8f1e2ada8412a2b97956 (diff) |
libports: avoid realloc(3) corner case
If the size argument is 0, realloc may either return NULL, or return a
pointer that is only valid for use with free(3). In either case, the
memory is freed. So if realloc would return NULL (it does not on
GNU), the current code would double free p.
Found using the Clang Static Analyzer.
* libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
calling realloc if no ports were matched.
-rw-r--r-- | libports/bucket-iterate.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c index babc2045..2d1b00d8 100644 --- a/libports/bucket-iterate.c +++ b/libports/bucket-iterate.c @@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket, } pthread_mutex_unlock (&_ports_lock); - if (n != nr_items) + if (n != 0 && n != nr_items) { /* We allocated too much. Release unused memory. */ void **new = realloc (p, n * sizeof *p); |