If the size argument is 0, realloc may either return NULL, or return a pointer that is only valid for use with free(3). In either case, the memory is freed. So if realloc would return NULL (it does not on GNU), the current code would double free p.
Found using the Clang Static Analyzer. * libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid calling realloc if no ports were matched. --- libports/bucket-iterate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c index babc204..2d1b00d 100644 --- a/libports/bucket-iterate.c +++ b/libports/bucket-iterate.c @@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket, } pthread_mutex_unlock (&_ports_lock); - if (n != nr_items) + if (n != 0 && n != nr_items) { /* We allocated too much. Release unused memory. */ void **new = realloc (p, n * sizeof *p); -- 2.0.0
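Review bot: The new `n != 0` guard in `if (n != 0 && n != nr_items)` carries no comment explaining why the zero case is excluded, so a later cleanup could easily drop it again. Extend the existing comment in the block to say that realloc with a size of 0 may free p and return NULL, as the commit message explains. Also, when n is 0 the buffer p is now left allocated at its original size, and the visible context does not show where it is released. Please confirm that the code following this block frees p on that path, or handle the case explicitly here by freeing p when n is 0.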