From owner-svn-src-head@FreeBSD.ORG Sat Dec 1 17:44:07 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3F759AB2; Sat, 1 Dec 2012 17:44:07 +0000 (UTC) (envelope-from marcel@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 244858FC22; Sat, 1 Dec 2012 17:44:07 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qB1Hi7aO058736; Sat, 1 Dec 2012 17:44:07 GMT (envelope-from marcel@svn.freebsd.org) Received: (from marcel@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qB1Hi7mD058735; Sat, 1 Dec 2012 17:44:07 GMT (envelope-from marcel@svn.freebsd.org) Message-Id: <201212011744.qB1Hi7mD058735@svn.freebsd.org> From: Marcel Moolenaar Date: Sat, 1 Dec 2012 17:44:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r243758 - head/lib/libc/gen X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Dec 2012 17:44:07 -0000 Author: marcel Date: Sat Dec 1 17:44:06 2012 New Revision: 243758 URL: http://svnweb.freebsd.org/changeset/base/243758 Log: In globextend() when the pathv vector cannot be (re-)allocated, don't free and clear the gl_pathv pointer in the glob_t structure. Such breaks the invariant of the glob_t structure, as stated in the comment right in front of the globextend() function. If gl_pathv was non-NULL, then gl_pathc was > 0. Making gl_pathv a NULL pointer without also setting gl_pathc to 0 is wrong. Since we otherwise don't free the memory associated with a glob_t in error cases, it's unlikely that this change will cause a memory leak that wasn't already there to begin with. Callers of glob(3) must call globfree(3) irrespective of whether glob(3) returned an error or not. Modified: head/lib/libc/gen/glob.c Modified: head/lib/libc/gen/glob.c ============================================================================== --- head/lib/libc/gen/glob.c Sat Dec 1 16:44:33 2012 (r243757) +++ head/lib/libc/gen/glob.c Sat Dec 1 17:44:06 2012 (r243758) @@ -718,13 +718,8 @@ globextend(const Char *path, glob_t *pgl pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) : malloc(newsize); - if (pathv == NULL) { - if (pglob->gl_pathv) { - free(pglob->gl_pathv); - pglob->gl_pathv = NULL; - } + if (pathv == NULL) return (GLOB_NOSPACE); - } if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */