blob: 7af7f42b097fed8e0e5ea0b0f45dd0a7f8934fe6 (plain)
From 430cd222921336dc9e06170c2e4a2e7024a8cadb Mon Sep 17 00:00:00 2001
From: Justus Winter <4winter@informatik.uni-hamburg.de>
Date: Mon, 16 Jun 2014 17:34:22 +0200
Subject: [PATCH 4/5] libports: avoid realloc(3) corner case
If the size argument is 0, realloc may either return NULL, or return a
pointer that is only valid for use with free(3). In either case, the
memory is freed. So if realloc would return NULL (it does not on
GNU), the current code would double free p.
Found using the Clang Static Analyzer.
* libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
calling realloc if no ports were matched.
---
libports/bucket-iterate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c
index babc204..2d1b00d 100644
--- a/libports/bucket-iterate.c
+++ b/libports/bucket-iterate.c
@@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket,
}
pthread_mutex_unlock (&_ports_lock);
- if (n != nr_items)
+ if (n != 0 && n != nr_items)
{
/* We allocated too much. Release unused memory. */
void **new = realloc (p, n * sizeof *p);
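Review bot: the added `n != 0` guard on the `if` is the right fix for the size-0 case, but the hunk leaves the non-zero path's handling of a NULL return from `realloc` out of view; since `void **new = realloc (p, n * sizeof *p);` must not overwrite `p` until `new` is checked (a failed shrink leaves the original block allocated and `p` still valid), please confirm the lines following this hunk only assign `p = new` after a NULL test, otherwise the same array is lost on allocation failure. Also worth a one-line comment next to the condition explaining that `realloc (p, 0)` frees `p` and may return NULL, because a later reader is likely to see `n != 0` as redundant with `n != nr_items` and drop it. On the `n == 0` path `p` now keeps its full `nr_items` allocation, which is fine as long as the existing cleanup after the loop still frees it unconditionally.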
--
2.0.0