This is the mail archive of the
glibc-bugs@sources.redhat.com
mailing list for the glibc project.
[Bug libc/346] New: weird memory reallocation in _IO_vasprintf()
- From: "peak at argo dot troja dot mff dot cuni dot cz" <sourceware-bugzilla at sources dot redhat dot com>
- To: glibc-bugs at sources dot redhat dot com
- Date: 25 Aug 2004 23:22:16 -0000
- Subject: [Bug libc/346] New: weird memory reallocation in _IO_vasprintf()
- Reply-to: sourceware-bugzilla at sources dot redhat dot com
There is the following piece of code in _IO_vasprintf() (libio/vasprintf.c):
  ...
  /* Only use realloc if the size we need is of the same order of
     magnitude then the memory we allocated. */
  needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
  allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
  if ((allocated << 1) <= needed)
    *result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
  else
  ...
Afaik, the following inequality holds for any consistent writable instance of
struct _IO_FILE:

  _IO_write_base <= _IO_write_ptr <= _IO_write_end

therefore allocated >= needed - 1, and consequently (allocated << 1) > needed
whenever allocated > 1 (and it is not big enough to overflow in << 1). This
makes the condition of the "if" statement rather pointless. Should the
condition read (allocated >> 1) <= needed?
--
Summary: weird memory reallocation in _IO_vasprintf()
Product: glibc
Version: 2.3.3
Status: NEW
Severity: minor
Priority: P2
Component: libc
AssignedTo: gotom at debian dot or dot jp
ReportedBy: peak at argo dot troja dot mff dot cuni dot cz
CC: glibc-bugs at sources dot redhat dot com
http://sources.redhat.com/bugzilla/show_bug.cgi?id=346
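An added example, not part of the original report or of glibc: a small C program that enumerates every buffer state satisfying the inequality in the report and checks when the quoted condition and the suggested one select the realloc branch. The function names and the 1024-byte bound are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Condition as quoted in the report from libio/vasprintf.c. */
static int cond_quoted(size_t allocated, size_t needed)
{
    return (allocated << 1) <= needed;
}

/* Condition the reporter asks about as a replacement. */
static int cond_suggested(size_t allocated, size_t needed)
{
    return (allocated >> 1) <= needed;
}

/* Walk every state with write_base <= write_ptr <= write_end and
   allocated <= max_alloc (assumed bound, small enough that << 1 cannot
   overflow).  used = write_ptr - write_base, so needed = used + 1.
   Returns the largest allocated size for which cond() picks the realloc
   branch, or -1 if it never does. */
static long largest_alloc_taking_realloc(int (*cond)(size_t, size_t),
                                         size_t max_alloc)
{
    long largest = -1;

    for (size_t allocated = 0; allocated <= max_alloc; allocated++)
        for (size_t used = 0; used <= allocated; used++)
            if (cond(allocated, used + 1))
                largest = (long) allocated;
    return largest;
}

int main(void)
{
    printf("quoted:    realloc branch reachable up to allocated = %ld\n",
           largest_alloc_taking_realloc(cond_quoted, 1024));
    printf("suggested: realloc branch reachable up to allocated = %ld\n",
           largest_alloc_taking_realloc(cond_suggested, 1024));
    /* Constructed case: 100 bytes allocated. */
    printf("suggested, allocated=100: needed=49 -> %d, needed=50 -> %d\n",
           cond_suggested(100, 49), cond_suggested(100, 50));
    return 0;
}
```

With the quoted condition the realloc branch is reachable only for allocated <= 1, which matches the argument in the report.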