URL:
<http://savannah.nongnu.org/bugs/?32702>
Summary: Realloc can reduce the size of a location to less than
(sizeof(struct __freelist) - sizeof(size_t))
Project: AVR C Runtime Library
Submitted by: vinni
Submitted on: Mon 07 Mar 2011 23:10:22
Category: Library
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: libc code
Status: None
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 1.7.*
Fixed Release: None
_______________________________________________________
Details:
A check is necessary at the beginning of realloc, as in malloc:
    /*
     * Our minimum chunk size is the size of a pointer (plus the
     * size of the "sz" field, but we don't need to account for
     * this), otherwise we could not possibly fit a freelist entry
     * into the chunk later.
     */
    if (len < sizeof(struct __freelist) - sizeof(size_t))
        len = sizeof(struct __freelist) - sizeof(size_t);
Test case:
    {
        struct __freelist *fp;
        char *p, *p1;

        p = malloc( sizeof(struct __freelist) + 1 );    /// 5
        if (!p)
            return 1;

        /* the real size must not decrease */
        p1 = realloc( p, sizeof(struct __freelist) - sizeof(size_t) - 1 );    /// 1
        if (p != p1)
            return 2;

        fp = (struct __freelist *)(p - sizeof(size_t));
        if ( fp->sz != sizeof(struct __freelist) + 1 )
            return 3;
    }
_______________________________________________
AVR-libc-dev mailing list
http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
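
Added example (not part of the original report and not avr-libc code): a host-side C model of the chunk layout the report relies on, showing what a shrink below the minimum chunk size does to the neighbouring header once the chunk is freed. The 2-byte field widths (AVR sizes), the split rule, the 0xFFFF link value and all function names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model layout: [sz:2][payload]; a free chunk keeps a 2-byte next link
 * in its first payload bytes. Field widths are assumed AVR sizes. */
enum { SZ_FIELD = 2, NX_FIELD = 2, MIN_PAYLOAD = NX_FIELD, ARENA = 32 };

static uint16_t get16(const uint8_t *a, unsigned off)
{ uint16_t v; memcpy(&v, a + off, 2); return v; }
static void put16(uint8_t *a, unsigned off, uint16_t v)
{ memcpy(a + off, &v, 2); }

/* Shrink in place (hypothetical split rule): split off the tail only if
 * it can hold a header plus a minimum payload. */
static void model_shrink(uint8_t *a, unsigned hdr, uint16_t len, int clamp)
{
    uint16_t old = get16(a, hdr);
    if (clamp && len < MIN_PAYLOAD)
        len = MIN_PAYLOAD;                 /* the check the report asks for */
    if (len > old || old - len < SZ_FIELD + MIN_PAYLOAD)
        return;                            /* tail too small: size unchanged */
    put16(a, hdr + SZ_FIELD + len, (uint16_t)(old - len - SZ_FIELD));
    put16(a, hdr, len);
}

/* Free: the next link is written over the start of the payload. */
static void model_free(uint8_t *a, unsigned hdr, uint16_t next)
{ put16(a, hdr + SZ_FIELD, next); }

/* Returns 1 if the header following the freed chunk survives the free;
 * *sz_out (optional) receives the chunk size after the shrink. */
int neighbour_intact_after_free(int clamp, uint16_t *sz_out)
{
    uint8_t a[ARENA] = {0};                /* constructed sample arena */
    put16(a, 0, 5);                        /* chunk from malloc(5) */
    put16(a, SZ_FIELD + 5, 8);             /* header of the next chunk */
    model_shrink(a, 0, 1, clamp);          /* realloc(p, 1) */
    if (sz_out) *sz_out = get16(a, 0);
    unsigned nb = SZ_FIELD + get16(a, 0);  /* header right after our chunk */
    uint16_t before = get16(a, nb);
    model_free(a, 0, 0xFFFF);              /* constructed link value */
    return get16(a, nb) == before;
}

int main(void)
{
    printf("no clamp: intact=%d\n", neighbour_intact_after_free(0, NULL));
    printf("clamp:    intact=%d\n", neighbour_intact_after_free(1, NULL));
    return 0;
}
```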