author | Junio C Hamano <gitster@pobox.com> | 2020-09-03 12:37:08 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2020-09-03 12:37:08 -0700 |
commit | 56b891ead142b4df001e2f917665ad5840a02820 (patch) | |
tree | f605a102de77d622fa4c4cb94e12a134351a7486 | |
parent | Merge branch 'jc/post-checkout-doc' (diff) | |
parent | xrealloc: do not reuse pointer freed by zero-length realloc() (diff) | |
Merge branch 'jk/xrealloc-avoid-use-after-free'
It was possible for xrealloc() to send a non-NULL pointer that has
been freed, which has been fixed.
* jk/xrealloc-avoid-use-after-free:
xrealloc: do not reuse pointer freed by zero-length realloc()
-rw-r--r-- | wrapper.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -117,10 +117,13 @@ void *xrealloc(void *ptr, size_t size)
 {
 void *ret;
+ if (!size) {
+ free(ptr);
+ return xmalloc(0);
+ }
+
 memory_limit_check(size, 0);
 ret = realloc(ptr, size);
- if (!ret && !size)
- ret = realloc(ptr, 1);
 if (!ret)
 die("Out of memory, realloc failed");
 return ret; |
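Review bot: The new `if (!size)` branch carries no comment saying why zero is special-cased, and the reason is not obvious from the code alone: realloc(ptr, 0) is implementation-defined and may free `ptr` and return NULL, which is how the removed retry `realloc(ptr, 1)` could hand an already-freed pointer back to the allocator. I would add `/* realloc(ptr, 0) may free ptr and return NULL; never retry with the old pointer */` above the branch so a later cleanup does not fold it back into the realloc() path. The zero-size path also returns before `memory_limit_check(size, 0)` runs; that is presumably fine if xmalloc() performs its own check and dies on failure, but xmalloc() is not visible in this hunk, so it is worth confirming. The closing brace of xrealloc() lies outside the hunk.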