Date:      Fri, 18 Dec 2009 17:20:02 GMT
From:      Dan Lukes <dan@obluda.cz>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/141753: double-free in reallocf()
Message-ID:  <200912181720.nBIHK2vg032210@freefall.freebsd.org>

The following reply was made to PR bin/141753; it has been noted by GNATS.

From: Dan Lukes <dan@obluda.cz>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/141753: double-free in reallocf()
Date: Fri, 18 Dec 2009 18:12:00 +0100

 I missed a simple and obvious fix!
 
 Replace
 
 > if (!nptr && ptr)
 >     free(ptr);
 
 with
 
 > if (!nptr && ptr && size > 0)
 >     free(ptr);
 
 Because -
 
 When size>0 the previous behavior is maintained.
 
 When size==0 and V option not set, then nptr!=NULL (realloc(,0) never 
 fails) so the ptr is not freed - correct behavior.
 
 When size==0 and V option IS set then we know the ptr is freed by 
 realloc and it's not freed again here - correct behavior.
 
 						Dan
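
The three cases listed in the message, as an added example that is not part of the original e-mail or of FreeBSD's source: a constructed model allocator counts how many times one block is released under the original and the proposed condition. The names `model_realloc`, `model_free`, `model_reallocf` and `frees_for` and the two flags are hypothetical, and the V-option behavior is modeled as the message describes it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a single heap block; nothing is really freed. */
static int free_count;  /* times the block was released */
static int v_option;    /* 1: realloc(p, 0) frees p and returns NULL */
static int fail_alloc;  /* 1: realloc with size > 0 fails */

static void model_free(void *p) { if (p) free_count++; }

static void *model_realloc(void *p, size_t size) {
    if (size == 0) {
        if (!v_option) return p;  /* never fails; caller still owns a block */
        model_free(p);            /* V set: block released inside realloc */
        return NULL;
    }
    return fail_alloc ? NULL : p; /* on failure the old block stays live */
}

/* reallocf() logic with either the original or the proposed condition. */
static void *model_reallocf(void *ptr, size_t size, int use_fixed) {
    void *nptr = model_realloc(ptr, size);
    int release = use_fixed ? (!nptr && ptr && size > 0) : (!nptr && ptr);
    if (release)
        model_free(ptr);
    return nptr;
}

/* Hypothetical helper: number of releases of the block in one scenario. */
int frees_for(int v, int fail, size_t size, int use_fixed) {
    static char block[16];
    free_count = 0;
    v_option = v;
    fail_alloc = fail;
    model_reallocf(block, size, use_fixed);
    return free_count;
}

int main(void) {
    printf("V set, size 0:    original=%d fixed=%d\n",
           frees_for(1, 0, 0, 0), frees_for(1, 0, 0, 1));
    printf("V unset, size 0:  original=%d fixed=%d\n",
           frees_for(0, 0, 0, 0), frees_for(0, 0, 0, 1));
    printf("failure, size 32: original=%d fixed=%d\n",
           frees_for(0, 1, 32, 0), frees_for(0, 1, 32, 1));
    return 0;
}
```

A count of 2 marks the double free; a count of 1 after a failed resize is the release reallocf() is meant to perform.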
 
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912181720.nBIHK2vg032210>