Bug 7090 - ccache's x_realloc() reads too much memory
Summary: ccache's x_realloc() reads too much memory
Status: CLOSED FIXED
Alias: None
Product: ccache
Classification: Unclassified
Component: ccache
Version: 2.4
Hardware: Other Linux
Importance: P3 normal
Target Milestone: 3.0
Assignee: Joel Rosdahl
QA Contact: Joel Rosdahl
Reported: 2010-02-02 13:27 UTC by Mike Frysinger
Modified: 2010-07-09 04:15 UTC

Description Mike Frysinger 2010-02-02 13:27:47 UTC
the current x_realloc() does:

void *x_realloc(void *ptr, size_t size)
{
    void *p2;
    if (!ptr) return x_malloc(size);
    p2 = malloc(size);
    if (!p2) {
        fatal("out of memory in x_realloc");
    }
    if (ptr) {
        memcpy(p2, ptr, size);
        free(ptr);
    }
    return p2;
}

there are multiple issues here:
 - the old pointer "ptr" has "size" bytes read from it, but there's no guarantee that the old buffer is larger than the new size
 - the second "if (ptr)" check is useless ... it already did a "if (!ptr)" at the top

since the first issue can't be fixed without tagging every alloc with custom information, the easiest answer is to do:
void *x_realloc(void *ptr, size_t size)
{
    void *p2 = realloc(ptr, size);
    if (!p2)
        fatal("out of memory in x_realloc");
    return p2;
}
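As an added illustration (not ccache's code, and not part of the report), here is the "tag every alloc" approach the report mentions as the only way to make the memcpy() variant safe: each block carries its size in a header, so the copy can be bounded to min(old, new) and the over-read the original x_realloc() would have performed can be measured instead of executed. The names tagged_malloc, tagged_realloc, overread_bytes and demo are assumptions of this example.

```c
/* Added example, not ccache code: size-tagged allocator showing why the
 * original x_realloc() over-reads and how tracking the old size bounds the copy. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header stored in front of every block; the union keeps the payload aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;

static void *tagged_malloc(size_t size) {
    hdr_t *h = malloc(sizeof *h + size);
    if (!h) { fprintf(stderr, "out of memory in tagged_malloc\n"); exit(1); }
    h->size = size;
    return h + 1;                       /* payload follows the header */
}

static void tagged_free(void *ptr) { if (ptr) free((hdr_t *)ptr - 1); }

/* Bytes the original memcpy(p2, ptr, size) would have read past the end
 * of the old block when growing; zero when shrinking or same size. */
size_t overread_bytes(const void *ptr, size_t new_size) {
    size_t old = ((const hdr_t *)ptr - 1)->size;
    return new_size > old ? new_size - old : 0;
}

/* Safe malloc+copy variant: copies only min(old, new) bytes. */
void *tagged_realloc(void *ptr, size_t size) {
    if (!ptr) return tagged_malloc(size);
    hdr_t *old = (hdr_t *)ptr - 1;
    void *p2 = tagged_malloc(size);
    memcpy(p2, ptr, old->size < size ? old->size : size);
    free(old);
    return p2;
}

/* Grow an 8-byte block to 64 bytes, then shrink to 4; returns 1 on success. */
int demo(void) {
    char *p = tagged_malloc(8);
    memcpy(p, "ccache!", 8);            /* constructed sample content */
    size_t over_grow = overread_bytes(p, 64);   /* 56 under the old code */
    p = tagged_realloc(p, 64);
    int ok = over_grow == 56 && strcmp(p, "ccache!") == 0
          && ((hdr_t *)p - 1)->size == 64;
    size_t over_shrink = overread_bytes(p, 4);  /* shrinking never over-reads */
    p = tagged_realloc(p, 4);
    ok = ok && over_shrink == 0 && memcmp(p, "ccac", 4) == 0;
    tagged_free(p);
    return ok;
}
```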
Comment 1 Joel Rosdahl 2010-02-20 03:14:14 UTC
This bug was fixed in 52a9cd8eb8a69f9dc6944c047faf112b7137a07b.