From 8821d8a213008eb723414c6c70de384830ea10d7 Mon Sep 17 00:00:00 2001
From: Justus Winter <4winter@informatik.uni-hamburg.de>
Date: Mon, 16 Jun 2014 17:34:22 +0200
Subject: libports: avoid realloc(3) corner case

If the size argument is 0, realloc may either return NULL, or return a pointer that is only valid for use with free(3). In either case, the memory is freed. So if realloc would return NULL (it does not on GNU), the current code would double free p.

Found using the Clang Static Analyzer.

* libports/bucket-iterate.c (_ports_bucket_class_iterate): Avoid calling realloc if no ports were matched.
---
 libports/bucket-iterate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libports')

diff --git a/libports/bucket-iterate.c b/libports/bucket-iterate.c
index babc2045..2d1b00d8 100644
--- a/libports/bucket-iterate.c
+++ b/libports/bucket-iterate.c
@@ -65,7 +65,7 @@ _ports_bucket_class_iterate (struct port_bucket *bucket,
     }
   pthread_mutex_unlock (&_ports_lock);
 
-  if (n != nr_items)
+  if (n != 0 && n != nr_items)
     {
       /* We allocated too much. Release unused memory. */
       void **new = realloc (p, n * sizeof *p);
-- 
cgit v1.2.3
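Review bot: The `n != 0` guard added to the `if` line is not explained at the point where it matters; the comment on the following line still reads only "We allocated too much. Release unused memory.", so a later reader can easily fold the extra condition back out as redundant and reintroduce the realloc(p, 0) double free the commit message describes. Suggest extending that comment to `/* We allocated too much. Release unused memory. n == 0 is excluded on purpose: realloc (p, 0) may free p and return NULL, and p is freed again later. */`. With n == 0 the full nr_items-sized buffer is now retained rather than shrunk, which is the intended trade, but whether it reaches the existing free path and how a NULL `new` is handled for n > 0 cannot be confirmed here, since the body of _ports_bucket_class_iterate starts and ends outside the hunk.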