Merge branch 'jk/xrealloc-avoid-use-after-free'

It was possible for xrealloc() to send a non-NULL pointer that has been freed, which has been fixed. * jk/xrealloc-avoid-use-after-free: xrealloc: do not reuse pointer freed by zero-length realloc()
2024-08-27 19:49:21 +00:00 · 2020-09-03 12:37:08 -07:00 · 2020-09-03 12:37:08 -07:00 · 56b891ead1
parent 2f1757e60a 6479ea4a8a
commit 56b891ead1
1 changed files with 5 additions and 2 deletions
--- a/wrapper.c
+++ b/wrapper.c
@ -117,10 +117,13 @@ void *xrealloc(void *ptr, size_t size)
 {
 	void *ret;

+	if (!size) {
+		free(ptr);
+		return xmalloc(0);
+	}
+
 	memory_limit_check(size, 0);
 	ret = realloc(ptr, size);
-	if (!ret && !size)
-		ret = realloc(ptr, 1);
 	if (!ret)
 		die("Out of memory, realloc failed");
 	return ret;