This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug libc/346] New: weird memory reallocation in _IO_vasprintf()


There is the following piece of code in _IO_vasprintf() (libio/vasprintf.c):
  ...
  /* Only use realloc if the size we need is of the same order of
     magnitude then the memory we allocated.  */
  needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
  allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
  if ((allocated << 1) <= needed)
    *result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
  else
  ...
AFAIK, the following inequality holds for any consistent writable instance of
struct _IO_FILE:
  _IO_write_base <= _IO_write_ptr <= _IO_write_end
therefore allocated >= needed - 1, and consequently (allocated << 1) > needed
whenever allocated > 1 (and it is not big enough to overflow in << 1). This
makes the condition of the "if" statement rather pointless. Should the condition
read (allocated >> 1) <= needed?

-- 
           Summary: weird memory reallocation in _IO_vasprintf()
           Product: glibc
           Version: 2.3.3
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: peak at argo dot troja dot mff dot cuni dot cz
                CC: glibc-bugs at sources dot redhat dot com


http://sources.redhat.com/bugzilla/show_bug.cgi?id=346
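The following C program is an added illustration of the reporter's argument; it is not code from glibc or from the bug report. It reduces the three stream pointers to the two sizes the quoted code computes (an assumption of the model, not glibc's real layout), checks exhaustively that under the invariant write_base <= write_ptr <= write_end the quoted condition never selects realloc once the buffer holds more than one byte, and finalizes a constructed buffer with both the quoted and the proposed condition so the two branches (realloc in place versus malloc + memcpy + free) can be seen. The function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added model of the realloc-vs-copy decision at the end of _IO_vasprintf.
   The stream's pointers are reduced to two sizes (an assumption of this
   model, not glibc's data structure):
     allocated = write_end - write_base     (capacity of the string buffer)
     needed    = write_ptr - write_base + 1 (bytes written plus the NUL)
   Because write_base <= write_ptr <= write_end, every legal pair satisfies
   needed <= allocated + 1. */

/* Condition exactly as quoted in the report.  allocated << 1 wraps for
   allocated >= SIZE_MAX / 2, which is the overflow case the report
   sets aside. */
static bool orig_uses_realloc(size_t allocated, size_t needed)
{
    return (allocated << 1) <= needed;
}

/* Condition proposed in the report: shrink in place when the buffer is at
   most about twice the size actually needed, otherwise make a tight copy. */
static bool proposed_uses_realloc(size_t allocated, size_t needed)
{
    return (allocated >> 1) <= needed;
}

/* Count the legal (allocated, needed) pairs, allocated in [lo, hi], for
   which PRED selects realloc. */
static size_t count_realloc_choices(bool (*pred)(size_t, size_t),
                                    size_t lo, size_t hi)
{
    size_t hits = 0;
    for (size_t allocated = lo; allocated <= hi; allocated++)
        for (size_t needed = 1; needed <= allocated + 1; needed++)
            if (pred(allocated, needed))
                hits++;
    return hits;
}

/* Finish a hypothetical stream buffer BUF of capacity ALLOCATED holding
   USED written bytes (USED <= ALLOCATED): realloc it down to the needed
   size or malloc a tight copy, mirroring the two branches of the glibc
   code.  Takes ownership of BUF; returns a NUL-terminated heap string or
   NULL on allocation failure.  *REALLOCATED reports which branch ran. */
static char *finalize_buffer(char *buf, size_t allocated, size_t used,
                             bool (*pred)(size_t, size_t), bool *reallocated)
{
    size_t needed = used + 1;
    char *result;

    if (pred(allocated, needed)) {
        result = realloc(buf, needed);
        if (result == NULL) {
            free(buf);
            return NULL;
        }
        *reallocated = true;
    } else {
        result = malloc(needed);
        if (result == NULL) {
            free(buf);
            return NULL;
        }
        memcpy(result, buf, used);
        free(buf);
        *reallocated = false;
    }
    result[used] = '\0';
    return result;
}

int main(void)
{
    /* Over capacities 2..256 the quoted condition never selects realloc. */
    printf("quoted condition, realloc selected:   %zu times\n",
           count_realloc_choices(orig_uses_realloc, 2, 256));
    printf("proposed condition, realloc selected: %zu times\n",
           count_realloc_choices(proposed_uses_realloc, 2, 256));

    /* Constructed input: 5 bytes written into a 64-byte buffer. */
    char *buf = malloc(64);
    if (buf == NULL)
        return 1;
    memcpy(buf, "hello", 5);
    bool reallocated;
    char *s = finalize_buffer(buf, 64, 5, proposed_uses_realloc, &reallocated);
    if (s == NULL)
        return 1;
    printf("\"%s\" via %s\n", s, reallocated ? "realloc" : "malloc+memcpy");
    free(s);
    return 0;
}
```

With the proposed condition a 64-byte buffer holding 5 bytes takes the copy branch (32 > 6), while an 8-byte buffer holding 7 bytes is shrunk in place (4 <= 8); with the quoted condition the copy branch is taken in both cases, as in every case with allocated > 1.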


