This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v2] vfprintf stack overflow [BZ #16617]


On Mon, 8 Dec 2014, Florian Weimer wrote:

> +		specs = malloc (nspecs_size);
> +		if (specs == NULL)
> +		  {
> +		    __set_errno (ENOMEM);
> +		    done = -1;
> +		    goto all_done;
> +		  }

It looks to me like this will leak the previous copy of specs on 
allocation failure, if the previous value was also malloced (so you need 
"specs = old;" or similar here to get the return path to free it if 
appropriate).

-- 
Joseph S. Myers
joseph@codesourcery.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]