Date: Thu, 26 Sep 2002 01:58:05 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: Barney Wolff <barney@tp.databus.com>
Cc: stable@FreeBSD.ORG
Subject: Re: [v]asprintf leaks memory
Message-ID: <20020926085805.GA62047@HAL9000.homeunix.com>
In-Reply-To: <20020926061617.GA16599@tp.databus.com>
References: <20020925133219.GA59210@HAL9000.homeunix.com> <20020925155222.GA4874@tp.databus.com> <20020926061617.GA16599@tp.databus.com>

Thus spake Barney Wolff <barney@tp.databus.com>:
> There is possibly a more serious bug here. If vfprintf returns with
> f._bf._base NULL, it would seem that *f._p = '\0'; will store
> into freed memory.

Good point. I originally wrote a catch-all patch that would have fixed this by checking whether ret was -1 *and* f._bf_base was non-NULL. Then I tried to characterize the error more carefully and write a better patch.

The catch-all one is *really* ugly. You're duplicating code in both asprintf() and vasprintf(), and by patching it that way, you're basically admitting that you don't know when the hell __vfprintf() remembers to free the buffer on error and when it forgets.

As I said before, the underlying routines could use a rewrite. I would suggest using realloc() instead of reallocf() so that more reasonable invariants can be imposed upon __vfprintf(), and the malloc and free-on-error can be done in a single procedure.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
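
An added illustration of the restructuring suggested in the message above; it is not part of the original e-mail and is not FreeBSD's libc code. The low-level formatter grows its buffer with realloc() and never frees it, so one caller owns both the first allocation and the free-on-error, and nothing is stored through a freed pointer. All names (gbuf, xrealloc, gbuf_vformat, x_vasprintf, x_asprintf, and the fail_in/live test hooks) are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
struct gbuf { char *base; size_t cap; };   /* hypothetical stand-in for f._bf */
static int fail_in = -1, live = 0;         /* test hook; count of live blocks */

static void *xrealloc(void *p, size_t n) {
    if (fail_in >= 0 && fail_in-- == 0) return NULL;  /* one-shot; p stays valid */
    void *q = realloc(p, n);
    if (q != NULL && p == NULL) live++;
    return q;
}

/* Invariant: never frees b->base, whether it succeeds or fails. */
static int gbuf_vformat(struct gbuf *b, const char *fmt, va_list ap) {
    for (;;) {
        va_list aq;
        va_copy(aq, ap);
        int n = vsnprintf(b->base, b->cap, fmt, aq);
        va_end(aq);
        if (n < 0 || (size_t)n < b->cap) return n;  /* error, or fits with NUL */
        char *p = xrealloc(b->base, (size_t)n + 1);
        if (p == NULL) return -1;              /* old block still the caller's */
        b->base = p; b->cap = (size_t)n + 1;
    }
}

/* The only place that allocates the first block and frees on error. */
int x_vasprintf(char **out, const char *fmt, va_list ap) {
    struct gbuf b = { xrealloc(NULL, 8), 8 };
    int n = (b.base == NULL) ? -1 : gbuf_vformat(&b, fmt, ap);
    if (n < 0 && b.base != NULL) { free(b.base); live--; b.base = NULL; }
    *out = b.base;                             /* NULL on error, no store via it */
    return n < 0 ? -1 : n;
}

int x_asprintf(char **out, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = x_vasprintf(out, fmt, ap);
    va_end(ap);
    return n;
}

int main(void) {
    char *s = NULL;
    if (x_asprintf(&s, "%s:%d", "constructed-host", 8080) >= 0) puts(s);
    free(s);
    return 0;
}
```

Setting fail_in to 1 makes the growth step fail after the first block exists, which is the path where a formatter that frees on its own would leave the caller holding a dangling pointer.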