Date: Thu, 20 Dec 2012 02:13:01 -0500 From: Eitan Adler <lists@eitanadler.com> To: Gabor Kovesdan <gabor@freebsd.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: use after free in grep? Message-ID: <CAF6rxg=Ni2Kcgdw2XrSVtU1f9eHaFt1-oBTNv8pm8An52x13nQ@mail.gmail.com>
index | next in thread | raw e-mail
Hey,
in xrealloc_impl
338 new_ptr = realloc(ptr, new_size);
339 if (new_ptr != NULL)
340 {
341 hash_table_del(xmalloc_table, ptr);
^^^ isn't this a use-after-free of ptr?
ยง7.22.3.5.2 says that ptr is deallocated after the call to realloc.
342 hash_table_add(xmalloc_table, new_ptr, (int)new_size, file,
line, func);
343 }
--
Eitan Adler
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=Ni2Kcgdw2XrSVtU1f9eHaFt1-oBTNv8pm8An52x13nQ>