Merge branch 'jk/xrealloc-avoid-use-after-free'

It was possible for xrealloc() to send a non-NULL pointer that has been freed, which has been fixed. * jk/xrealloc-avoid-use-after-free: xrealloc: do not reuse pointer freed by zero-length realloc()
author: Junio C Hamano <gitster@pobox.com> 2020-09-03 12:37:08 -0700
committer: Junio C Hamano <gitster@pobox.com> 2020-09-03 12:37:08 -0700
commit: 56b891ead142b4df001e2f917665ad5840a02820 (patch)
tree: f605a102de77d622fa4c4cb94e12a134351a7486
parent: Merge branch 'jc/post-checkout-doc' (diff)
parent: xrealloc: do not reuse pointer freed by zero-length realloc() (diff)
download: tgif-56b891ead142b4df001e2f917665ad5840a02820.tar.xz
1 files changed, 5 insertions, 2 deletions
diff --git a/wrapper.c b/wrapper.c
index 4ff4a9c3db..bcda41e374 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -117,10 +117,13 @@ void *xrealloc(void *ptr, size_t size)
 {
 	void *ret;
 
+	if (!size) {
+		free(ptr);
+		return xmalloc(0);
+	}
+
 	memory_limit_check(size, 0);
 	ret = realloc(ptr, size);
-	if (!ret && !size)
-		ret = realloc(ptr, 1);
 	if (!ret)
 		die("Out of memory, realloc failed");
 	return ret;
author	Junio C Hamano <gitster@pobox.com>	2020-09-03 12:37:08 -0700
committer	Junio C Hamano <gitster@pobox.com>	2020-09-03 12:37:08 -0700
commit	56b891ead142b4df001e2f917665ad5840a02820 (patch)
tree	f605a102de77d622fa4c4cb94e12a134351a7486
parent	Merge branch 'jc/post-checkout-doc' (diff)
parent	xrealloc: do not reuse pointer freed by zero-length realloc() (diff)
download	tgif-56b891ead142b4df001e2f917665ad5840a02820.tar.xz