> From: Derek Price [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 20, 2005 14:33
> 
> Conrad T. Pino wrote:
> 
> >Yes but the "free" function detects the write past the end and displays
> >a dialog box with "Abort", "Retry", "Ignore" options.  Nothing odd occurs
> >when "free" isn't called.  Looks clean to me.
> 
> That isn't right.  Since realloc(0,0) should return a valid pointer, you
> need to be able to pass it to free() without a problem.  Some code may
> be making this assumption.  Use the GNULIB replacement realloc in
> lib/realloc.c.

It IS a valid pointer that "free" will accept gladly provided NO WRITES
are performed OUTSIDE the allocated range.  The "free" function checks
a guard byte at the end of the block to detect this error:

        char *p;

        p = realloc( NULL, 1 );
        p[0] = 1; /* this is fine and */
        free(p); /* free will be quiet */

        p = realloc( NULL, 1 );
        p[0] = 1; /* this is fine but */
        p[1] = 1; /* this is a no no and */
        free(p); /* free will complain */

        p = realloc( NULL, 0 );
        p[0] = 1; /* this is a no no and */
        free(p); /* free will complain */

> Regards,

Ditto,

> Derek

Conrad
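
The guard-byte check described in the message above, as an added example that is not part of the original post and is not the C runtime's own code. It is a minimal wrapper (the names `guarded_realloc`, `guarded_free`, `write_then_free` and the `0xFD` sentinel are assumptions) that places one guard byte right after the requested size, so a zero-size block is still a valid pointer for free, yet any write through it is caught at free time.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xFD /* constructed sentinel; real debug heaps pick their own */

/* Header kept in front of the user block; the union keeps user data aligned. */
typedef union { size_t size; long double a; void *b; long long c; } hdr_t;

/* Like realloc(p, n), but always reserves header + n + 1 guard byte,
   so even n == 0 yields a distinct, freeable pointer. */
void *guarded_realloc(void *p, size_t n) {
    hdr_t *h = p ? (hdr_t *)p - 1 : NULL;
    h = realloc(h, sizeof *h + n + 1);
    if (!h) return NULL;
    h->size = n;
    unsigned char *user = (unsigned char *)(h + 1);
    user[n] = GUARD;            /* first byte past the requested range */
    return user;
}

/* Frees the block; returns 0 if the guard is intact, -1 if it was overwritten. */
int guarded_free(void *p) {
    if (!p) return 0;
    hdr_t *h = (hdr_t *)p - 1;
    int intact = ((unsigned char *)p)[h->size] == GUARD;
    free(h);
    return intact ? 0 : -1;
}

/* Allocate n bytes, write `written` bytes, free, and report the guard check.
   `written` is capped at n + 1 so the demo never leaves the real allocation. */
int write_then_free(size_t n, size_t written) {
    if (written > n + 1) return -2;
    char *p = guarded_realloc(NULL, n);
    if (!p) return -2;
    memset(p, 1, written);
    return guarded_free(p);
}

int main(void) {
    /* The three cases from the message, in order. */
    printf("size 1, write p[0]:       %d\n", write_then_free(1, 1));
    printf("size 1, write p[0], p[1]: %d\n", write_then_free(1, 2));
    printf("size 0, write p[0]:       %d\n", write_then_free(0, 1));
    return 0;
}
```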


