[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[avr-libc-dev] [bug #32702] Realloc can reduce size of location less tha
From: |
Vinnipuh |
Subject: |
[avr-libc-dev] [bug #32702] Realloc can reduce size of location less than (sizeof(struct __freelist) - sizeof(size_t)) |
Date: |
Mon, 07 Mar 2011 23:10:23 +0000 |
User-agent: |
Opera/9.63 (Windows NT 5.0; U; ru) Presto/2.1.1 |
URL:
<http://savannah.nongnu.org/bugs/?32702>
Summary: Realloc can reduce size of location less than
(sizeof(struct __freelist) - sizeof(size_t))
Project: AVR C Runtime Library
Submitted by: vinni
Submitted on: Пнд 07 Мар 2011 23:10:22
Category: Library
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: libc code
Status: None
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 1.7.*
Fixed Release: None
_______________________________________________________
Details:
Necessary check into the beginning realloc as in malloc:
/*
* Our minimum chunk size is the size of a pointer (plus the
* size of the "sz" field, but we don't need to account for
* this), otherwise we could not possibly fit a freelist entry
* into the chunk later.
*/
if (len < sizeof(struct __freelist) - sizeof(size_t))
len = sizeof(struct __freelist) - sizeof(size_t);
Test case:
{
struct __freelist *fp;
char *p, *p1;
p = malloc( sizeof(struct __freelist) + 1 ); /// 5
if (!p)
return 1;
/* really size must not decrease */
p1 = realloc( p, sizeof(struct __freelist) - sizeof(size_t) - 1 );
/// 1
if (p != p1)
return 2;
fp = (struct __freelist *)(p - sizeof(size_t));
if ( fp->sz != sizeof(struct __freelist) + 1 )
return 3;
}
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?32702>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [avr-libc-dev] [bug #32702] Realloc can reduce size of location less than (sizeof(struct __freelist) - sizeof(size_t)),
Vinnipuh <=