realloc bug

Kamen Penev kamen at penev.net
Thu Sep 4 17:27:47 UTC 2003


I submitted this with GNATS, and it said it took it, but I never
received the confirmation email and it doesn't show up in the query, so
here it is again:

Synopsis: realloc deallocates argument pointer if new_area cannot be
obtained
Release: RTEMS-4.5 ss20030417
Description:
According to "C Reference Manual", p. 388, documentation of realloc:

"If the request cannot be satisfied, a null pointer is returned and the
old region is not disturbed."

However, the RTEMS definition of realloc contains this:
-----------------------------------
  new_area = malloc( size );

  MSBUMP(malloc_calls, -1);   /* subtract off the malloc */

  if ( !new_area ) {
    free( ptr );
    return (void *) 0;
  }
-----------------------------------

free( ptr ) is erroneous and should be removed. When realloc fails, the
old region must remain intact.

How-To-Repeat:
Allocate an array and keep growing it with realloc until realloc fails.

Fix:
Remove the call to free() at malloc.c:282.

-- 
Kamen
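The two behaviours side by side, as an added example that is not part of the original report or of RTEMS: realloc_buggy mirrors the quoted snippet, realloc_fixed follows the C semantics the report cites, and grow_until_failure reproduces the How-To-Repeat. The budget allocator (budget_malloc, budget_free) is a constructed stand-in used only to force and observe the failure; all names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed allocator: a byte budget forces malloc() to fail on demand, and
 * last_freed records what free() received, so the driver can tell whether the
 * old region survived without dereferencing freed memory. */
static size_t budget = 0;
static void *last_freed = NULL;
static void *budget_malloc(size_t n) {
    if (n > budget) return NULL;
    budget -= n;
    return malloc(n);
}
static void budget_free(void *p) { last_freed = p; free(p); }

/* Mirrors the RTEMS snippet quoted in the report: frees ptr on failure. */
static void *realloc_buggy(void *ptr, size_t old_n, size_t new_n) {
    void *new_area = budget_malloc(new_n);
    if (!new_area) {
        budget_free(ptr);   /* the defect: caller's pointer now dangles */
        return NULL;
    }
    memcpy(new_area, ptr, old_n < new_n ? old_n : new_n);
    budget_free(ptr);
    return new_area;
}

/* C-standard behaviour: on failure return NULL and leave ptr untouched. */
static void *realloc_fixed(void *ptr, size_t old_n, size_t new_n) {
    void *new_area = budget_malloc(new_n);
    if (!new_area) return NULL;   /* caller still owns ptr */
    memcpy(new_area, ptr, old_n < new_n ? old_n : new_n);
    budget_free(ptr);
    return new_area;
}

/* The How-To-Repeat from the report: grow an array until realloc fails.
 * Returns 1 if the original block is still intact afterwards, 0 if not. */
static int grow_until_failure(void *(*rf)(void *, size_t, size_t)) {
    size_t n = 16; budget = 256; last_freed = NULL;
    char *buf = budget_malloc(n);
    if (!buf) return 0;
    memset(buf, 'A', n);
    for (;;) {
        char *tmp = rf(buf, n, n * 2);   /* keep buf until success is known */
        if (!tmp) break;                 /* on failure buf must still be ours */
        buf = tmp; n *= 2;
        memset(buf, 'A', n);
    }
    /* Short-circuit: never read buf if it was handed to free(). */
    int intact = last_freed != buf && buf[0] == 'A' && buf[n - 1] == 'A';
    if (intact) budget_free(buf);
    return intact;
}
```

The `tmp = rf(buf, ...)` idiom in the driver is the caller-side half of the contract: only overwrite the owning pointer once the new block is known to exist, which is exactly what a realloc that frees its argument on failure makes impossible.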