realloc bug
- Date: Thu, 04 Sep 2003 10:27:47 -0700
- From: kamen at penev.net (Kamen Penev)
- Subject: realloc bug
I submitted this with GNATS, and it said it took it, but I never
received the confirmation email and it doesn't show up in the query, so
here it is again:
Synopsis: realloc deallocates argument pointer if new_area cannot be
obtained
Release: RTEMS-4.5 ss20030417
Description:
According to "C Reference Manual", p. 388, documentation of realloc:
"If the request cannot be satisfied, a null pointer is returned and the
old region is not disturbed."
However, the RTEMS definition of realloc contains this:
-----------------------------------
  new_area = malloc( size );
  MSBUMP(malloc_calls, -1); /* subtract off the malloc */
  if ( !new_area ) {
    free( ptr );
    return (void *) 0;
  }
-----------------------------------
free( ptr ) is erroneous and should be removed. When realloc fails, the
old region must remain intact.
How-To-Repeat:
Allocate an array and keep growing it with realloc until realloc fails.
Fix:
Remove the call to free() at malloc.c:282.
--
Kamen
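
The How-To-Repeat steps above, as an added example that is not part of the original message and is not RTEMS code: a constructed tracking allocator whose byte budget forces realloc to fail, run once with the free-on-failure behaviour from the quoted excerpt and once with that call removed. The names `t_malloc`, `t_free`, `t_realloc`, `budget` and `live_after_failed_grow` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed tracking allocator: a byte budget forces failure and a
   live-block counter shows whether the old region was released. */
typedef struct { size_t size; } hdr_t;
static size_t budget, live_blocks;

static void *t_malloc(size_t n) {
    if (n > budget) return NULL;              /* simulated exhaustion */
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n; budget -= n; live_blocks++;
    return h + 1;
}

static void t_free(void *p) {                 /* p must be non-NULL */
    hdr_t *h = (hdr_t *)p - 1;
    budget += h->size; live_blocks--;
    free(h);
}

/* free_on_fail = 1 mirrors the quoted excerpt; 0 applies the proposed fix. */
static void *t_realloc(void *ptr, size_t n, int free_on_fail) {
    if (!ptr) return t_malloc(n);
    void *new_area = t_malloc(n);
    if (!new_area) {
        if (free_on_fail) t_free(ptr);        /* caller's pointer now dangles */
        return NULL;
    }
    size_t old = ((hdr_t *)ptr - 1)->size;
    memcpy(new_area, ptr, old < n ? old : n);
    t_free(ptr);
    return new_area;
}

/* Keep doubling until realloc fails, then report how many blocks are live. */
static size_t live_after_failed_grow(int free_on_fail) {
    budget = 64; live_blocks = 0;
    size_t n = 8;
    char *a = t_malloc(n);
    for (char *tmp; a && (tmp = t_realloc(a, n * 2, free_on_fail)); n *= 2)
        a = tmp;
    size_t live = live_blocks;
    if (live) t_free(a);                      /* only valid if still allocated */
    return live;
}

/* Exit status 0 when the fix keeps 1 block live and the excerpt keeps 0. */
int main(void) { return !(live_after_failed_grow(0) == 1 && live_after_failed_grow(1) == 0); }
```

A caller written to the standard (keep the old pointer when realloc returns NULL, then use or free it) ends up holding a dangling pointer under the free-on-failure variant, so its next access is a use-after-free and its cleanup is a double free.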