use after free in grep?

Eitan Adler lists at eitanadler.com
Thu Dec 20 07:13:38 UTC 2012

Previous message: Another WTF moment
Next message: use after free in grep?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey,

in xrealloc_impl

338   new_ptr = realloc(ptr, new_size);
339   if (new_ptr != NULL)
340     {
341       hash_table_del(xmalloc_table, ptr);

^^^ isn't this a use-after-free of ptr?

§7.22.3.5.2 says that ptr is deallocated after the call to realloc.

342       hash_table_add(xmalloc_table, new_ptr, (int)new_size, file,
line, func);
343     }



-- 
Eitan Adler

Previous message: Another WTF moment
Next message: use after free in grep?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the freebsd-hackers mailing list