This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch] fix use-after-free in dcigettext.c


While that fix looks like it can't be wrong, looking at the surrounding
code it looks like there's a better fix.  The old value is always available
in the new copy, i.e. NEWMEM->next.  But about 30 lines below, we have:

		  newmem->next = transmem_list;
		  transmem_list = newmem;

It popping the element off and then putting it back on is entirely redundant.
The addition is necessary in the malloc (not realloc) case.  But it could
just be done inside that case.


Thanks,
Roland


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]