Erik de Castro Lopo wrote: > I found a problem with this patch. > > Specifcally, where ever the patch tries to free() the old pointer > where safe_realloc_mul_2op_() fails, can result in a double free(). > > This is because, when safe_realloc_mul_2op_() has either of its size > arguments equal to zero, will call realloc(ptr, 0) which according to > the realloc manpage is an implicit free() anyway. > > Working on a fix for this and re-visiting some of this realloc() > stuff. >
According to the following links -- http://www.cplusplus.com/reference/cstdlib/realloc/ http://stackoverflow.com/questions/6502077/malloc-and-realloc-functions http://stackoverflow.com/questions/16759849/using-realloc-x-0-instead-of-free-and-using-malloc-with-length-of-a-string -- the realloc behavior is different in C90 and C99: realloc(ptr,0) will free ptr in C90 but the behaviour is implementation defined in C99. So one shouldn't use realloc(ptr,0) instead of free(ptr). For example: in metadata_object.c functions that call realloc(ptr, size) check the size argument and never call realloc() if size==0. What a caller function expects from safe_realloc_mul_2op_(ptr, sz1, sz2) if it calls it with the 2nd or 3rd argunent equal to 0? And i have no idea what /* preserve POSIX realloc(ptr, 0) semantics */ comment means. _______________________________________________ flac-dev mailing list flac-dev@xiph.org http://lists.xiph.org/mailman/listinfo/flac-dev