Date: Thu, 20 Dec 2012 02:13:01 -0500 From: Eitan Adler <lists@eitanadler.com> To: Gabor Kovesdan <gabor@freebsd.org> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: use after free in grep? Message-ID: <CAF6rxg=Ni2Kcgdw2XrSVtU1f9eHaFt1-oBTNv8pm8An52x13nQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hey,
in xrealloc_impl
338 new_ptr =3D realloc(ptr, new_size);
339 if (new_ptr !=3D NULL)
340 {
341 hash_table_del(xmalloc_table, ptr);
^^^ isn't this a use-after-free of ptr?
=C2=A77.22.3.5.2 says that ptr is deallocated after the call to realloc.
342 hash_table_add(xmalloc_table, new_ptr, (int)new_size, file,
line, func);
343 }
--=20
Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=Ni2Kcgdw2XrSVtU1f9eHaFt1-oBTNv8pm8An52x13nQ>