
rpcgen: Don't free() a pointer after realloc().
Closed, Public

Authored by jhb on Nov 29 2022, 7:54 PM.

Details

Summary

A successful realloc() already frees the old pointer.

Reported by: GCC -Wuse-after-free

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 48541
Build 45427: arc lint + arc unit

Event Timeline

jhb requested review of this revision. Nov 29 2022, 7:54 PM
This revision is now accepted and ready to land. Nov 29 2022, 7:57 PM

I wonder how this ever worked.

> I wonder how this ever worked.

Maybe in practice the first allocation setting argmax to 32 ends up being sufficient?

>> I wonder how this ever worked.
>
> Maybe in practice the first allocation setting argmax to 32 ends up being sufficient?

jemalloc doesn't detect most misuse of free() so likely it wasn't used as you speculate or future allocations didn't use the same size bucket enough to end up with aliasing allocations.

This revision was automatically updated to reflect the committed changes.
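
The realloc() ownership rule from the summary, as an added example: this is not the rpcgen source or the committed diff. The struct, the function names and the doubling policy are assumptions made for illustration; the initial capacity of 32 echoes the argmax value mentioned in the discussion.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable argument list; names are illustrative, not rpcgen's. */
struct arglist {
	const char **args;	/* owned array of borrowed string pointers */
	size_t count;		/* slots in use */
	size_t max;		/* slots allocated */
};

/*
 * Append one argument, growing the array when it is full.
 * Returns 0 on success, -1 on failure (the list is left unchanged).
 */
int
arglist_add(struct arglist *al, const char *arg)
{
	if (al->count == al->max) {
		const char **newargs;
		size_t newmax;

		/* Refuse growth that would overflow the byte count. */
		if (al->max > SIZE_MAX / (2 * sizeof(*newargs)))
			return (-1);
		newmax = al->max != 0 ? al->max * 2 : 32;
		newargs = realloc(al->args, newmax * sizeof(*newargs));
		if (newargs == NULL)
			return (-1);	/* old block is untouched and still owned */
		/*
		 * Success: the old block now belongs to the allocator.
		 * free(al->args) here would be a double free if the block
		 * moved, or would release the live block if it was resized
		 * in place. Just adopt the new pointer.
		 */
		al->args = newargs;
		al->max = newmax;
	}
	al->args[al->count++] = arg;
	return (0);
}

/* Release the array; the only free() of this storage in the program. */
void
arglist_free(struct arglist *al)
{
	free(al->args);
	al->args = NULL;
	al->count = al->max = 0;
}
```

Building a caller of this code with AddressSanitizer, or with GCC's -Wuse-after-free enabled as in the report above, flags a stray free() of the pre-realloc pointer even when the default allocator stays silent.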