Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Jun 2014 20:23:11 +0200
From:      Stefan Farfeleder <stefanf@FreeBSD.org>
To:        "Pedro F. Giffuni" <pfg@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r267675 - head/lib/libc/regex
Message-ID:  <20140620182311.GA1214@mole.fafoe.narf.at>
In-Reply-To: <201406201529.s5KFTAEB068038@svn.freebsd.org>
References:  <201406201529.s5KFTAEB068038@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Jun 20, 2014 at 03:29:10PM +0000, Pedro F. Giffuni wrote:
> Author: pfg
> Date: Fri Jun 20 15:29:09 2014
> New Revision: 267675
> URL: http://svnweb.freebsd.org/changeset/base/267675
> 
> Log:
>   regex: Make use of reallocf().
>   
>   Use of reallocf is useful in libraries as we are not certain the
>   application will exit after NULL.
>   
>   This somewhat reduces portability but if since you are building
>   this as part of libc it is likely you have our non-standard
>   reallocf(3) already.
>   
>   Reviewed by:	ache
>   MFC after:	5 days
> 
> Modified:
>   head/lib/libc/regex/regcomp.c
> 
> Modified: head/lib/libc/regex/regcomp.c
> ==============================================================================
> --- head/lib/libc/regex/regcomp.c	Fri Jun 20 13:26:49 2014	(r267674)
> +++ head/lib/libc/regex/regcomp.c	Fri Jun 20 15:29:09 2014	(r267675)
> @@ -1111,7 +1111,7 @@ allocset(struct parse *p)
>  {
>  	cset *cs, *ncs;
>  
> -	ncs = realloc(p->g->sets, (p->g->ncsets + 1) * sizeof(*ncs));
> +	ncs = reallocf(p->g->sets, (p->g->ncsets + 1) * sizeof(*ncs));
>  	if (ncs == NULL) {
>  		SETERROR(REG_ESPACE);
>  		return (NULL);
> @@ -1174,7 +1174,7 @@ CHadd(struct parse *p, cset *cs, wint_t 
>  	if (ch < NC)
>  		cs->bmp[ch >> 3] |= 1 << (ch & 7);
>  	else {
> -		newwides = realloc(cs->wides, (cs->nwides + 1) *
> +		newwides = reallocf(cs->wides, (cs->nwides + 1) *
>  		    sizeof(*cs->wides));
>  		if (newwides == NULL) {
>  			SETERROR(REG_ESPACE);

Hi Pedro,

I don't think these changes are OK. If reallocf() fails here, the
cs->wides pointer will be freed and later freeset() will call
free(cs->wides), probably crashing. The other cases are most probably
similar though I haven't examined them closely.

BR,
Stefan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140620182311.GA1214>