On Wed, Jul 18, 2018 at 12:30:41PM +0200, Miroslav Lichvar wrote:
> Should safe_realloc_add_2op_() be changed to use safe_realloc_() instead
> of realloc()? Is there any code in flac that relies on the current
> behavior?

It does indeed look like some code that (indirectly) uses the
safe_realloc_*() functions relies on the pointer not being freed. The
reallocation errors are not handled and propagated back, so the pointers
that would be freed might be dereferenced again.

Please ignore the patches I sent. The callers need to be fixed too. This
will require a careful review of a lot of code.

-- 
Miroslav Lichvar

_______________________________________________
flac-dev mailing list
flac-dev@xiph.org
http://lists.xiph.org/mailman/listinfo/flac-dev
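The two allocation contracts the message contrasts, as an added example in C that is not FLAC's code and does not reproduce its actual safe_realloc_*() implementations: plain realloc() leaves the old block valid when it returns NULL, whereas a wrapper that frees on failure (the contract the thread attributes to safe_realloc_()) leaves the caller holding a dangling pointer. The names freeing_realloc, freeing_realloc_add_2op, growbuf and growbuf_append are hypothetical; the point is the caller side: a caller that ignores the NULL return is only harmless under the first contract, and under the second it must drop the stale pointer before anything else can dereference it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper with the contract the thread attributes to
 * safe_realloc_(): on failure the old block is freed and NULL returned,
 * so the caller's pointer is dangling from that moment on. Plain realloc()
 * differs: on failure it returns NULL but leaves the old block valid. */
void *freeing_realloc(void *ptr, size_t size)
{
    void *p = realloc(ptr, size);
    if (p == NULL)
        free(ptr);
    return p;
}

/* Hypothetical two-operand variant (not FLAC's safe_realloc_add_2op_):
 * grows to size1 + size2, treating size_t overflow as an allocation
 * failure with the same free-on-failure contract. */
void *freeing_realloc_add_2op(void *ptr, size_t size1, size_t size2)
{
    size_t total = size1 + size2;
    if (total < size1) {          /* wrapped around: refuse, but honour the contract */
        free(ptr);
        return NULL;
    }
    return freeing_realloc(ptr, total);
}

/* A growable byte buffer used by the demonstration caller. */
typedef struct {
    unsigned char *data;
    size_t len;   /* bytes in use */
    size_t cap;   /* bytes allocated */
} growbuf;

/* Append n bytes. Returns 0 on success, -1 on failure. Because the wrapper
 * frees the old block on failure, the caller must not keep the old pointer:
 * the struct is reset to empty so later code cannot dereference it. */
int growbuf_append(growbuf *b, const void *src, size_t n)
{
    if (n == 0)
        return 0;
    if (n > b->cap - b->len) {
        unsigned char *p = freeing_realloc_add_2op(b->data, b->cap, n);
        if (p == NULL) {
            b->data = NULL;   /* old block is already gone */
            b->len = 0;
            b->cap = 0;
            return -1;
        }
        b->data = p;
        b->cap += n;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Exercises the success path and the failure path; returns 1 if every
 * observation matches the contract above, 0 otherwise. */
int demo(void)
{
    growbuf b = { NULL, 0, 0 };
    volatile size_t huge = SIZE_MAX;   /* volatile keeps the compiler from folding the overflow away */
    int ok = 1;

    ok &= growbuf_append(&b, "abc", 3) == 0 && b.len == 3 && b.cap == 3;
    ok &= growbuf_append(&b, "de", 2) == 0 && b.len == 5
          && memcmp(b.data, "abcde", 5) == 0;

    /* cap + huge overflows size_t: the wrapper frees b.data and returns NULL */
    ok &= growbuf_append(&b, "x", huge) == -1
          && b.data == NULL && b.len == 0 && b.cap == 0;

    /* the buffer is empty rather than dangling, so it can be reused safely */
    ok &= growbuf_append(&b, "z", 1) == 0 && b.len == 1 && b.data[0] == 'z';

    free(b.data);
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("free-on-failure contract handled correctly: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The reset in growbuf_append is the part that a switch from realloc() to a freeing wrapper forces onto every caller: with plain realloc() the old pointer stays usable after a failed grow, so code that never checks the return keeps working by accident; with the freeing contract the same code dereferences freed memory, which is why the callers have to be reviewed together with the wrapper.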