This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



memory allocation bug in posix_spawn_*



I had a program crashing in malloc in an fopen() call right after a call to
posix_spawn_file_actions_destroy(), and indeed the posix_spawn_file_actions_*
functions allocate too little memory.


2000-09-30  Bruno Haible  <haible@clisp.cons.org>

	* posix/spawn_faction_init.c: Include "spawn_int.h".
	(__posix_spawn_file_actions_realloc): Fix second realloc argument.

*** glibc-20000928/posix/spawn_faction_init.c.bak	Sat Apr 15 18:32:02 2000
--- glibc-20000928/posix/spawn_faction_init.c	Sat Sep 30 21:17:04 2000
***************
*** 21,43 ****
  #include <stdlib.h>
  #include <string.h>
  
  
  /* Function used to increase the size of the allocated array.  This
     function is called from the `add'-functions.  */
  int
  __posix_spawn_file_actions_realloc (posix_spawn_file_actions_t *file_actions)
  {
    void *newmem = realloc (file_actions->__actions,
! 			  file_actions->__allocated += 8);
  
    if (newmem == NULL)
!     {
!       /* Not enough memory.  */
!       file_actions->__allocated -= 8;
!       return ENOMEM;
!     }
  
    file_actions->__actions = (struct __spawn_action *) newmem;
  
    return 0;
  }
--- 21,44 ----
  #include <stdlib.h>
  #include <string.h>
  
+ #include "spawn_int.h"
+ 
  
  /* Function used to increase the size of the allocated array.  This
     function is called from the `add'-functions.  */
  int
  __posix_spawn_file_actions_realloc (posix_spawn_file_actions_t *file_actions)
  {
+   int newalloc = file_actions->__allocated + 8;
    void *newmem = realloc (file_actions->__actions,
! 			  newalloc * sizeof (struct __spawn_action));
  
    if (newmem == NULL)
!     /* Not enough memory.  */
!     return ENOMEM;
  
    file_actions->__actions = (struct __spawn_action *) newmem;
+   file_actions->__allocated = newalloc;
  
    return 0;
  }
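Review bot: The comment above `__posix_spawn_file_actions_realloc` still does not say that `__allocated` counts array elements rather than bytes, which is the confusion behind the undersized realloc fixed here; I would add `/* __allocated and __used count struct __spawn_action elements, never bytes.  */` to it. The same comment could state that on ENOMEM the old array and `__allocated` are left untouched, which the new code ensures by assigning `__allocated` only after realloc succeeds. As optional hardening, `newalloc` is an `int` computed with an unchecked `+ 8` and then multiplied by the element size; this is probably unreachable when growing in steps of 8, but a guard such as `if (file_actions->__allocated > INT_MAX - 8) return ENOMEM;` before the addition would make the size computation safe by inspection.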
*** glibc-20000928/posix/spawn_faction_addclose.c.bak	Fri Aug 25 23:53:39 2000
--- glibc-20000928/posix/spawn_faction_addclose.c	Sat Sep 30 21:10:36 2000
***************
*** 35,44 ****
    if (fd < 0 || fd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory of needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* THis can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
--- 35,44 ----
    if (fd < 0 || fd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory if needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* This can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
*** glibc-20000928/posix/spawn_faction_adddup2.c.bak	Fri Aug 25 23:53:39 2000
--- glibc-20000928/posix/spawn_faction_adddup2.c	Sat Sep 30 21:09:26 2000
***************
*** 35,44 ****
    if (fd < 0 || newfd < 0 || fd >= maxfd || newfd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory of needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* THis can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
--- 35,44 ----
    if (fd < 0 || newfd < 0 || fd >= maxfd || newfd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory if needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* This can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
*** glibc-20000928/posix/spawn_faction_addopen.c.bak	Fri Aug 25 23:53:39 2000
--- glibc-20000928/posix/spawn_faction_addopen.c	Sat Sep 30 21:08:52 2000
***************
*** 36,45 ****
    if (fd < 0 || fd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory of needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* THis can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
--- 36,45 ----
    if (fd < 0 || fd >= maxfd)
      return EBADF;
  
!   /* Allocate more memory if needed.  */
    if (file_actions->__used == file_actions->__allocated
        && __posix_spawn_file_actions_realloc (file_actions) != 0)
!     /* This can only mean we ran out of memory.  */
      return ENOMEM;
  
    /* Add the new value.  */
