Date: Fri, 20 Jun 2014 14:37:06 -0500 From: Pedro Giffuni <pfg@FreeBSD.org> To: Stefan Farfeleder <stefanf@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r267675 - head/lib/libc/regex Message-ID: <53A48D62.4060801@FreeBSD.org> In-Reply-To: <20140620182311.GA1214@mole.fafoe.narf.at> References: <201406201529.s5KFTAEB068038@svn.freebsd.org> <20140620182311.GA1214@mole.fafoe.narf.at>
next in thread | previous in thread | raw e-mail | index | archive | help
El 6/20/2014 1:23 PM, Stefan Farfeleder escribió: > On Fri, Jun 20, 2014 at 03:29:10PM +0000, Pedro F. Giffuni wrote: >> Author: pfg >> Date: Fri Jun 20 15:29:09 2014 >> New Revision: 267675 >> URL: http://svnweb.freebsd.org/changeset/base/267675 >> >> Log: >> regex: Make use of reallocf(). >> >> Use of reallocf is useful in libraries as we are not certain the >> application will exit after NULL. >> >> This somewhat reduces portability but if since you are building >> this as part of libc it is likely you have our non-standard >> reallocf(3) already. >> >> Reviewed by: ache >> MFC after: 5 days >> >> Modified: >> head/lib/libc/regex/regcomp.c >> >> Modified: head/lib/libc/regex/regcomp.c >> ============================================================================== >> --- head/lib/libc/regex/regcomp.c Fri Jun 20 13:26:49 2014 (r267674) >> +++ head/lib/libc/regex/regcomp.c Fri Jun 20 15:29:09 2014 (r267675) >> @@ -1111,7 +1111,7 @@ allocset(struct parse *p) >> { >> cset *cs, *ncs; >> >> - ncs = realloc(p->g->sets, (p->g->ncsets + 1) * sizeof(*ncs)); >> + ncs = reallocf(p->g->sets, (p->g->ncsets + 1) * sizeof(*ncs)); >> if (ncs == NULL) { >> SETERROR(REG_ESPACE); >> return (NULL); >> @@ -1174,7 +1174,7 @@ CHadd(struct parse *p, cset *cs, wint_t >> if (ch < NC) >> cs->bmp[ch >> 3] |= 1 << (ch & 7); >> else { >> - newwides = realloc(cs->wides, (cs->nwides + 1) * >> + newwides = reallocf(cs->wides, (cs->nwides + 1) * >> sizeof(*cs->wides)); >> if (newwides == NULL) { >> SETERROR(REG_ESPACE); > > Hi Pedro, > > I don't think these changes are OK. If reallocf() fails here, the > cs->wides pointer will be freed and later freeset() will call > free(cs->wides), probably crashing. The other cases are most probably > similar though I haven't examined them closely. > OK ... I don't think there is any problem: If reallocf fails, newwides will be set to NULL and if free() is called it doesn't do anything when the argument is NULL. Also freeset() is meant to be called to "free a now-unused set" and it is not called within the library. I would think using a value when the allocation has failed is a much more serious issue than attempting to fail to free it after trying to use it. ;-). Pedro.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53A48D62.4060801>