summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2020-09-03 12:37:08 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2020-09-03 12:37:08 -0700
commit56b891ead142b4df001e2f917665ad5840a02820 (patch)
treef605a102de77d622fa4c4cb94e12a134351a7486
parentMerge branch 'jc/post-checkout-doc' (diff)
parentxrealloc: do not reuse pointer freed by zero-length realloc() (diff)
downloadtgif-56b891ead142b4df001e2f917665ad5840a02820.tar.xz
Merge branch 'jk/xrealloc-avoid-use-after-free'
It was possible for xrealloc() to send a non-NULL pointer that has been freed, which has been fixed. * jk/xrealloc-avoid-use-after-free: xrealloc: do not reuse pointer freed by zero-length realloc()
-rw-r--r--wrapper.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/wrapper.c b/wrapper.c
index 4ff4a9c3db..bcda41e374 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -117,10 +117,13 @@ void *xrealloc(void *ptr, size_t size)
{
void *ret;
+ if (!size) {
+ free(ptr);
+ return xmalloc(0);
+ }
+
memory_limit_check(size, 0);
ret = realloc(ptr, size);
- if (!ret && !size)
- ret = realloc(ptr, 1);
if (!ret)
die("Out of memory, realloc failed");
return ret;