From: Derrick Stolee <stolee@gmail.com>
To: Jeff King <peff@peff.net>, git@vger.kernel.org
Subject: Re: [PATCH] xrealloc: do not reuse pointer freed by zero-length realloc()
Date: Tue, 1 Sep 2020 09:04:36 -0400 [thread overview]
Message-ID: <c81b7225-a663-1598-62b3-bd80457d5648@gmail.com> (raw)
In-Reply-To: <20200901111800.GA3115584@coredump.intra.peff.net>
On 9/1/2020 7:18 AM, Jeff King wrote:
> This patch fixes a bug where xrealloc(ptr, 0) can double-free and
> corrupt the heap on some platforms (including at least glibc).
!!! Good find !!!
> The simplest fix here is to just pass "ret" (which we know to be NULL)
> to the follow-up realloc(). That does mean that a system which _doesn't_
> free the original pointer would leak it. But that interpretation of the
> standard seems unlikely (if a system didn't deallocate in this case, I'd
> expect it to simply return the original pointer). If it turns out to be
> an issue, we can handle the "!size" case up front instead, before we
> call realloc() at all.
Adding an `if (!size) {free(ptr); return NULL;}` block was what I
expected. Was that chosen just so we can rely more on the system
realloc(), or is there a performance implication that I'm not
seeing?
> @@ -120,7 +120,7 @@ void *xrealloc(void *ptr, size_t size)
> memory_limit_check(size, 0);
> ret = realloc(ptr, size);
> if (!ret && !size)
> - ret = realloc(ptr, 1);
> + ret = realloc(ret, 1);
I appreciate all the additional context for such a small change.
LGTM.
-Stolee
next prev parent reply other threads:[~2020-09-01 13:10 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-01 11:18 [PATCH] xrealloc: do not reuse pointer freed by zero-length realloc() Jeff King
2020-09-01 13:04 ` Derrick Stolee [this message]
2020-09-01 13:51 ` Jeff King
2020-09-01 14:24 ` Derrick Stolee
2020-09-01 15:58 ` Junio C Hamano
2020-09-02 7:54 ` Jeff King
2020-09-02 19:19 ` Junio C Hamano
2020-09-03 3:50 ` Jonathan Nieder
2020-09-01 15:20 ` Andreas Schwab
2020-09-01 15:56 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c81b7225-a663-1598-62b3-bd80457d5648@gmail.com \
--to=stolee@gmail.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).