Justus Winter, on Mon 16 Jun 2014 19:49:28 +0200, wrote:
> If the size argument is 0, realloc may either return NULL, or return a
> pointer that is only valid for use with free(3). In either case, the
> memory is freed. So if realloc would return NULL (it does not on
> GNU), the current code would double free p.
>
> Found using the Clang Static Analyzer.
>
> * libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid
> calling realloc if no ports were matched.
Ack. > --- > libports/bucket-iterate.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c > index babc204..2d1b00d 100644 > --- a/libports/bucket-iterate.c > +++ b/libports/bucket-iterate.c > @@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket, > } > pthread_mutex_unlock (&_ports_lock); > > - if (n != nr_items) > + if (n != 0 && n != nr_items) > { > /* We allocated too much. Release unused memory. */ > void **new = realloc (p, n * sizeof *p); > -- > 2.0.0 > -- Samuel As usual, this being a 1.3.x release, I haven't even compiled this kernel yet. So if it works, you should be doubly impressed. (Linus Torvalds, announcing kernel 1.3.3 on the linux-kernel mailing list.)
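Review bot: the new `n != 0` guard on the `if` ahead of the `realloc (p, n * sizeof *p)` call has no comment of its own. The only comment in the block still reads "We allocated too much. Release unused memory.", so a later reader could take the guard for a redundant check and remove it. Suggest extending that comment to say that a zero-size realloc may free p and return NULL, which is the reason given in the commit message. It is also worth confirming that the n == 0 path, which now skips the shrink and keeps the original allocation, still releases p exactly once further down; that code is outside the context shown in this hunk.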