Quoting Wolfgang Bumiller (w.bumil...@proxmox.com):
> If the first realloc() call fails then 'd' becomes NULL,
> subsequent realloc() retries will behave like malloc() and
> the original src pointer is never freed. Furthermore
> the newly allocated data then contains uninitialized data
> where the previous pids had been stored.
> Avoid this by passing the original pointer from '*src'
> to realloc().
>
> Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
> ---
> lxcfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lxcfs.c b/lxcfs.c > index 8605000..d738e79 100644 > --- a/lxcfs.c > +++ b/lxcfs.c > @@ -87,7 +87,7 @@ static void must_strcat_pid(char **src, size_t *sz, size_t > *asz, pid_t pid) > *asz = BUF_RESERVE_SIZE; > } else if (tmplen + *sz + 1 >= *asz) { > do { > - d = realloc(d, *asz + BUF_RESERVE_SIZE); > + d = realloc(*src, *asz + BUF_RESERVE_SIZE);

D'oh. This needed to not deref src :) Shoulda spotted that right away.

(Pushing the fix to git)

> } while (!d); > *src = d; > *asz += BUF_RESERVE_SIZE; > -- > 2.1.4
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
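
Review bot: the 'do { d = realloc(*src, ...); } while (!d);' loop in the 'else if' branch still retries with no bound and no delay, so under sustained memory pressure the caller busy-spins here; either sleep briefly between attempts or add a comment stating that spinning until success is the intended must_ behaviour. The same branch grows the buffer by exactly one BUF_RESERVE_SIZE after a single 'tmplen + *sz + 1 >= *asz' check, which is enough only if tmplen + 1 can never exceed BUF_RESERVE_SIZE; a comment or assertion recording that assumption would make the bound explicit. Passing '*src' on every retry does keep the original block and its contents valid across a failed call, which is what the commit message asks for.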