avr-libc-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[avr-libc-dev] [bug #32702] Realloc can reduce size of location less tha


From: Vinnipuh
Subject: [avr-libc-dev] [bug #32702] Realloc can reduce size of location less than (sizeof(struct __freelist) - sizeof(size_t))
Date: Mon, 07 Mar 2011 23:10:23 +0000
User-agent: Opera/9.63 (Windows NT 5.0; U; ru) Presto/2.1.1

URL:
  <http://savannah.nongnu.org/bugs/?32702>

                 Summary: Realloc can reduce size of location less than
(sizeof(struct __freelist) - sizeof(size_t))
                 Project: AVR C Runtime Library
            Submitted by: vinni
            Submitted on: Пнд 07 Мар 2011 23:10:22
                Category: Library
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: libc code
                  Status: None
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.7.*
           Fixed Release: None

    _______________________________________________________

Details:


Necessary check into the beginning realloc as in malloc:

        /*
         * Our minimum chunk size is the size of a pointer (plus the
         * size of the "sz" field, but we don't need to account for
         * this), otherwise we could not possibly fit a freelist entry
         * into the chunk later.
         */
        if (len < sizeof(struct __freelist) - sizeof(size_t))
                len = sizeof(struct __freelist) - sizeof(size_t);
                
Test case:
{
        struct __freelist *fp;
        char *p, *p1;

        p = malloc( sizeof(struct __freelist) + 1 );    /// 5
        if (!p)
                return 1;       
                
        /* really size must not decrease */
        p1 = realloc( p,  sizeof(struct __freelist) - sizeof(size_t) - 1 );     
/// 1
        if (p != p1)
                return 2;
                
        fp = (struct __freelist *)(p - sizeof(size_t));
        if ( fp->sz != sizeof(struct __freelist) + 1 )
                return 3;
}       
                




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?32702>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]