Date: Mon, 28 Jan 2013 15:48:31 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r246035 - head/lib/libproc Message-ID: <201301281548.r0SFmVra023276@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Mon Jan 28 15:48:31 2013 New Revision: 246035 URL: http://svnweb.freebsd.org/changeset/base/246035 Log: - Compute the correct size to reallocate when doubling the size of the array of loaded objects to avoid a buffer overrun. - Use reallocf() to avoid leaking memory if the realloc() fails. PR: kern/175648 Submitted by: yuri@rawbw.com (1) MFC after: 1 week Modified: head/lib/libproc/proc_rtld.c Modified: head/lib/libproc/proc_rtld.c ============================================================================== --- head/lib/libproc/proc_rtld.c Mon Jan 28 12:58:37 2013 (r246034) +++ head/lib/libproc/proc_rtld.c Mon Jan 28 15:48:31 2013 (r246035) @@ -44,7 +44,8 @@ map_iter(const rd_loadobj_t *lop, void * if (phdl->nobjs >= phdl->rdobjsz) { phdl->rdobjsz *= 2; - phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz); + phdl->rdobjs = reallocf(phdl->rdobjs, sizeof(*phdl->rdobjs) * + phdl->rdobjsz); if (phdl->rdobjs == NULL) return (-1); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301281548.r0SFmVra023276>