[PATCH] Potential memory leak in argz_replace.c

Corinna Vinschen vinschen@redhat.com
Mon Jun 1 08:18:00 GMT 2015

On May 31 21:27, David Stacey wrote:
> On 27/05/2015 11:16, Corinna Vinschen wrote:
> >However, there appear to be more issues with this function.  E.g., when
> >allocating new_argz, it's never tested if the allocation worked.  Also,
> >the expression `*argz = (char *)realloc(*argz, new_argz_len)', when
> >failing, will overwrite *argz with NULL.  When that happens the caller
> >potentially loses its (un-free'd) argz pointer with no way to recover.
> >
> >Care to fix those as well?
> 'Twould be a pleasure.
> Dave.
> newlib/ChangeLog
> 2015-05-31  David Stacey <...>
>     * libc/argz/argz_replace.c: Corrected behaviour when memory is
> exhausted.

Thanks but, uhm, that didn't quite work out:

  libc/argz/argz_replace.c: In function ‘argz_replace’:
  libc/argz/argz_replace.c:75:26: error: assignment makes integer from pointer without a cast [-Werror]
	 if(!(*argz_realloc = (char *)realloc(*argz, new_argz_len)))
  libc/argz/argz_replace.c:80:12: error: assignment from incompatible pointer type [-Werror]
	 argz = argz_realloc;
  cc1: all warnings being treated as errors

I fixed that and applied the patch.


Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/newlib/attachments/20150601/0c4cd371/attachment.sig>

More information about the Newlib mailing list