This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12547] realloc(p, 0) violates C99


https://sourceware.org/bugzilla/show_bug.cgi?id=12547

--- Comment #14 from Rich Felker <bugdal at aerifal dot cx> ---
Double-free is not easily detected except in the case where both frees take
place in sequence with no intervening allocations. For example, in a case like
this:

void *p = malloc(n);
realloc(p, 0);
void *q = malloc(n);
free(p);

it's very likely that line 4 will end up freeing the allocation made in line 3.
The resulting state is extremely dangerous and almost always leads to arbitrary
code execution if enough effort is put into the analysis.

Memory leaks, on the other hand, are at worst a DoS issue.

Marking of a feature as "obsolescent" does not grant the implementation
permission to do crazy things like printing messages. It's purely a warning to
applications that the interface may be removed, or its behavior may become
undefined, in future versions of the language standard. Code using it is still
perfectly valid and conforming to the current language standard.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
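The hazard in the comment above, and a way to avoid it, as an added C example (not code from the bug report, from Rich Felker, or from glibc): realloc(p, 0) may either release p and return NULL or return a live zero-size block, so a caller cannot tell which pointer it now owns. The probe functions only compare integer snapshots of addresses and never free p twice; the wrapper xrealloc_or_free (a hypothetical name) sidesteps the ambiguity by never passing size 0 to realloc. On glibc the probe reports that realloc released p; the expected reuse result depends on the allocator and is not asserted.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Portable replacement for realloc(p, 0). Size 0 is handled explicitly, so the
   caller always knows the outcome: p is freed and NULL is returned. For n > 0
   a failed realloc leaves p valid and returns NULL, exactly like realloc. */
void *xrealloc_or_free(void *p, size_t n)
{
    if (n == 0) {
        free(p);
        return NULL;
    }
    return realloc(p, n);
}

/* Probe this libc: 1 if realloc(p, 0) returned NULL (p released, as glibc
   does), 0 if it returned a live block, -1 if the initial malloc failed.
   Cleans up whichever block is actually alive. */
int realloc_zero_frees(void)
{
    void *p = malloc(16);
    if (p == NULL)
        return -1;
    void *r = realloc(p, 0);
    if (r == NULL)
        return 1;           /* p already gone; nothing left to free */
    free(r);                /* libc returned a live (zero-size) block */
    return 0;
}

/* Reproduce the sequence from the comment without the final free(p):
   snapshot p's address as an integer, call realloc(p, 0), allocate again,
   and report whether the new block q landed on p's old address. Returns
   1 if reused, 0 if not, -1 on allocation failure. */
int freed_block_reused(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        return -1;
    uintptr_t old = (uintptr_t)p;   /* compare integers, never the dead pointer */
    void *r = realloc(p, 0);
    void *q = malloc(n);
    int reused = (q != NULL && (uintptr_t)q == old);
    free(q);
    if (r != NULL)
        free(r);            /* only when realloc handed back a live block */
    return reused;
}

/* Round-trip through the wrapper: allocate, fill, grow, verify contents
   survived, then release with size 0. Returns 1 on success, 0 otherwise. */
int xrealloc_roundtrip(void)
{
    char *buf = xrealloc_or_free(NULL, 8);      /* same as malloc(8) */
    if (buf == NULL)
        return 0;
    memcpy(buf, "abcdefg", 8);
    char *bigger = xrealloc_or_free(buf, 64);   /* grow; buf stays valid on failure */
    if (bigger == NULL) {
        free(buf);
        return 0;
    }
    int ok = strcmp(bigger, "abcdefg") == 0;
    if (xrealloc_or_free(bigger, 64 / 64 - 1) != NULL)  /* size 0: frees, returns NULL */
        return 0;
    return ok;
}
```

If freed_block_reused(n) returns 1, the address of q is the same as the freed p, which is precisely the state in which a later free(p) in the original sequence would release q's block; the wrapper removes the need to guess what realloc did.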

