
rpcgen: Don't free() a pointer after realloc().
Closed, Public

Authored by jhb on Nov 29 2022, 7:54 PM.

Details

Summary

A successful realloc() already frees the old pointer.

Reported by: GCC -Wuse-after-free

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

jhb requested review of this revision. Nov 29 2022, 7:54 PM
This revision is now accepted and ready to land. Nov 29 2022, 7:57 PM

I wonder how this ever worked.

> I wonder how this ever worked.

Maybe in practice the first allocation setting argmax to 32 ends up being sufficient?

>> I wonder how this ever worked.
>
> Maybe in practice the first allocation setting argmax to 32 ends up being sufficient?

jemalloc doesn't detect most misuse of free(), so likely it wasn't used as you speculate or future allocations didn't use the same size bucket enough to end up with aliasing allocations.

This revision was automatically updated to reflect the committed changes.
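
The ownership rule from the summary, as an added example (not the rpcgen code or the committed diff): a growable argument vector that is resized with realloc() and never frees the old pointer afterwards. The names `arglist`, `arglist_add` and `arglist_demo` and the doubling policy are assumptions; the initial capacity of 32 follows the figure mentioned in the discussion.

```c
#include <stdlib.h>

/* Hypothetical growable argument list (names are assumptions, not rpcgen's). */
struct arglist {
	const char **v;   /* NULL-terminated vector */
	size_t n;         /* entries in use */
	size_t max;       /* allocated slots */
};

/*
 * Append one argument, growing the vector when it is full.
 * Returns 0 on success, -1 on allocation failure (list left unchanged).
 */
int
arglist_add(struct arglist *al, const char *arg)
{
	if (al->n + 2 > al->max) {   /* keep room for the trailing NULL */
		size_t nmax = al->max ? al->max * 2 : 32;
		const char **nv = realloc(al->v, nmax * sizeof(*nv));

		if (nv == NULL)
			return (-1);  /* al->v is still valid and still owned */
		/*
		 * Success: realloc() has already released the old block (or
		 * resized it in place). Calling free(al->v) here would free
		 * memory the allocator may already have reused, so the old
		 * value is simply overwritten.
		 */
		al->v = nv;
		al->max = nmax;
	}
	al->v[al->n++] = arg;
	al->v[al->n] = NULL;
	return (0);
}

/* Add count entries; returns the final capacity, 0 on failure. */
size_t
arglist_demo(size_t count)
{
	struct arglist al = { NULL, 0, 0 };
	size_t i, max;

	for (i = 0; i < count; i++)
		if (arglist_add(&al, "arg") != 0) { free(al.v); return (0); }
	max = (al.n == count) ? al.max : 0;
	free(al.v);   /* the only free() of the live pointer */
	return (max);
}
```

With 31 or fewer entries the first 32-slot allocation is never grown, so the realloc() path only runs from the 32nd entry on.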