realloc bug
Kamen Penev
kamen at penev.net
Thu Sep 4 17:27:47 UTC 2003
I submitted this with GNATS, and it said it took it, but I never
received the confirmation email and it doesn't show up in the query, so
here it is again:
Synopsis: realloc deallocates argument pointer if new_area cannot be
obtained
Release: RTEMS-4.5 ss20030417
Description:
According to "C Reference Manual", p. 388, documentation of realloc:
"If the request cannot be satisfied, a null pointer is returned and the
old region is not disturbed."
However, the RTEMS definition of realloc contains this:
-----------------------------------
    new_area = malloc( size );
    MSBUMP(malloc_calls, -1); /* subtract off the malloc */
    if ( !new_area ) {
      free( ptr );          /* the reported bug: discards the caller's block */
      return (void *) 0;
    }
-----------------------------------
free( ptr ) is erroneous and should be removed. When realloc fails, the
old region must remain intact.
How-To-Repeat:
Allocate an array and keep growing it with realloc until realloc fails.
Fix:
Remove the call to free() at malloc.c:282.
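As an added example (not RTEMS code and not the reporter's), a minimal realloc over a toy allocator that keeps the old region intact on failure, as the quoted C reference requires, with the How-To-Repeat loop run against it; the allocator, its size header and the fail_above failure switch are all constructed for this demonstration:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed demo allocator (not RTEMS code): a size header records the block
 * length for copying, and requests larger than fail_above are refused on purpose. */
static size_t fail_above = (size_t)-1;
static void *demo_malloc(size_t size)
{
    if (size > fail_above) return NULL;       /* simulated heap exhaustion */
    size_t *hdr = malloc(sizeof *hdr + size);
    if (!hdr) return NULL;
    *hdr = size;
    return hdr + 1;
}
static void demo_free(void *ptr)
{
    if (ptr) free((size_t *)ptr - 1);
}
/* realloc with the semantics the quoted C reference requires: on failure
 * return NULL and leave the caller's block untouched (ptr must be non-NULL). */
static void *demo_realloc(void *ptr, size_t size)
{
    size_t old_size = ((size_t *)ptr)[-1];
    void *new_area = demo_malloc(size);
    if (!new_area) return NULL;   /* not free(ptr): the old region stays valid */
    memcpy(new_area, ptr, old_size < size ? old_size : size);
    demo_free(ptr);
    return new_area;
}
/* The How-To-Repeat scenario: double a buffer until realloc fails, then
 * return 1 if the old buffer is still readable and intact, 0 otherwise. */
static int grow_until_failure_keeps_data(size_t limit)
{
    fail_above = limit;
    size_t n = 16;
    char *buf = demo_malloc(n);
    if (!buf) return 0;
    memset(buf, 'A', n);
    for (;;) {
        char *bigger = demo_realloc(buf, n * 2);
        if (!bigger) break;            /* failure: buf must still be ours */
        buf = bigger;
        memset(buf + n, 'A', n);       /* fill the newly added half */
        n *= 2;
    }
    int intact = buf[0] == 'A' && buf[n - 1] == 'A';
    demo_free(buf);
    fail_above = (size_t)-1;
    return intact;
}
```

With the buggy free( ptr ) in place, the final reads of buf in the loop would touch freed memory and the closing demo_free(buf) would be a double free; with the fix, the caller keeps a valid block to use or release.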
--
Kamen