This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12547] realloc(p, 0) violates C99
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 27 Feb 2015 19:11:31 +0000
- Subject: [Bug libc/12547] realloc(p, 0) violates C99
- Auto-submitted: auto-generated
- References: <bug-12547-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=12547
--- Comment #14 from Rich Felker <bugdal at aerifal dot cx> ---
Double-free is not easily detected except in the case where both frees take
place in sequence with no intervening allocations. For example, in a case like
this:
    void *p = malloc(n);   /* line 1 */
    realloc(p, 0);         /* line 2: glibc frees p here and returns NULL */
    void *q = malloc(n);   /* line 3: may reuse the chunk just freed */
    free(p);               /* line 4: frees q's allocation through the stale p */
it's very likely that line 4 will end up freeing the allocation made in line 3.
The resulting state is extremely dangerous and almost always leads to arbitrary
code execution if enough effort is put into the analysis.
Memory leaks, on the other hand, are at worst a DoS issue.
Marking of a feature as "obsolescent" does not grant the implementation
permission to do crazy things like printing messages. It's purely a warning to
applications that the interface may be removed, or its behavior may become
undefined, in future versions of the language standard. Code using it is still
perfectly valid and conforming to the current language standard.
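A defensive pattern that sidesteps the ambiguity Felker describes, as an added example (not code from the bug thread or from glibc): never pass a size of 0 to realloc, so a NULL return can only mean failure and the caller's ownership of the old pointer stays unambiguous. The `struct buf`, `buf_resize` and `buf_free` names are assumptions made for this example.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical growable buffer used to illustrate ownership tracking. */
struct buf {
    void *data;
    size_t cap;
};

/* Resize b->data without ever calling realloc(p, 0).
 * Returns 0 on success and -1 on failure. In both cases b->data is exactly
 * one valid, caller-owned pointer (or NULL if nothing was ever allocated),
 * so a later buf_free() cannot turn into a double free. */
int buf_resize(struct buf *b, size_t n)
{
    /* realloc(p, 0) is implementation-defined: glibc frees p and returns
     * NULL, which a "NULL means failure, p is still mine" caller misreads
     * and later frees again. Clamp the request to 1 byte instead. */
    size_t req = n ? n : 1;
    void *q = realloc(b->data, req);
    if (q == NULL)
        return -1;          /* allocation failed; b->data is untouched */
    b->data = q;            /* old pointer is now invalid, replace it */
    b->cap = n;             /* report the logical size the caller asked for */
    return 0;
}

/* Release the buffer and clear the pointer so a repeated call is harmless. */
void buf_free(struct buf *b)
{
    free(b->data);
    b->data = NULL;
    b->cap = 0;
}
```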