[scponly] Re: scponly bug
Karl DeBisschop
kdebisschop at alert.infoplease.com
Wed Sep 18 08:01:06 EDT 2002
joe wrote:
> It may be simplest to avoid possible differences in implementation and
> to just to it "by hand" - realloc is sortof a shortcut to free,
> malloc, memcpy anyway. i'll go through the notes you sent more
> carefully and try to come up with something reasonable.
Maybe one apporoach is to use errno correct code involves errno.
The Unix98 standard requires malloc(), calloc(), and real
loc() to set errno to ENOMEM upon failure. Glibc assumes
that this is done (and the glibc versions of these rou
tines do this); if you use a private malloc implementation
that does not set errno, then certain library routines may
fail without having a reason in errno.
Basically, the problem arrises because if the requested siae is zero,
some implementations of realloc return null. Then you get into your
conditional and check outbuf. It need not have been changed by the above
operation, even if the memory segment ot points to has been freed. And
no all of the sudden you've got a memory violtaion. so adding errno to
the check could help.
Also, so far as I ahve been able to think it through, this case only
arises when the requested size is zero. How about adding that to the
check. So instead of
if (outbuf) {
we ave
if (outbuf && newlen != 0 && errno == ENOMEM) {
Not sure what splint thinks of it, but it seems like it might prevent
the memory violation, at least based on reading a bunch on man pages.
--
Karl
More information about the scponly
mailing list