On 2012-12-20 08:13, Eitan Adler wrote:
> in xrealloc_impl
>
>     new_ptr = realloc(ptr, new_size);
>     if (new_ptr != NULL)
>     {
>         hash_table_del(xmalloc_table, ptr);
>                                       ^^^
> isn't this a use-after-free of ptr?

Yes, realloc does not guarantee the realloc'd space will be at the same address, so it may free ptr at its discretion. Also, there is a memory leak if realloc() returns NULL. This is a very usual mistake when using realloc(). :-)

Probably, the code should do the hash_table_del() before the realloc(), but I am not sure if hash_table_del() will already free ptr.
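
The ordering problem raised in this thread, as an added example that is not part of the original messages or of the code under discussion: the old pointer's value is saved as an integer before `realloc()` runs, the table is re-keyed only on success, and on failure the old block and its entry are left in place. The names `tracked`, `track_find`, `track_add` and `tracked_realloc` are hypothetical, and the table is assumed to key on the pointer value without dereferencing it.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical allocation table keyed by pointer value; never dereferences it. */
#define MAX_TRACKED 64
static uintptr_t tracked[MAX_TRACKED];   /* 0 marks an empty slot */

static int track_find(uintptr_t key)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked[i] == key)
            return i;
    return -1;
}

static int track_add(void *p)
{
    int slot = track_find(0);
    if (p == NULL || slot < 0)
        return -1;
    tracked[slot] = (uintptr_t)p;
    return 0;
}

/* Resize a tracked block. On failure *pp, the old block and its table
 * entry all stay valid, so nothing is leaked or lost. */
static int tracked_realloc(void **pp, size_t new_size)
{
    uintptr_t old_key = (uintptr_t)*pp;   /* saved before realloc can free it */
    int slot = old_key ? track_find(old_key) : -1;
    if (slot < 0 || new_size == 0)
        return -1;                        /* untracked pointer or zero size */
    void *new_ptr = realloc(*pp, new_size);
    if (new_ptr == NULL)
        return -1;                        /* old block untouched, still tracked */
    tracked[slot] = (uintptr_t)new_ptr;   /* re-key without touching the old pointer */
    *pp = new_ptr;
    return 0;
}

int main(void)
{
    void *p = malloc(16);
    if (p == NULL || track_add(p) != 0)
        return 1;
    int rc = tracked_realloc(&p, 4096);   /* block may move; the table follows */
    free(p);                              /* process exits; table entry dies with it */
    return rc;
}
```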

