This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/12547] New: realloc(p, 0) violates C99


http://sourceware.org/bugzilla/show_bug.cgi?id=12547

           Summary: realloc(p, 0) violates C99
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: msebor@gmail.com


The C99 standard specifies that an implementation may return NULL from a call
to realloc(p, 0). However, in such a case a conforming implementation must
avoid freeing the space pointed to by p and a program must call free(p). The
test case below shows that glibc violates this C99 requirement, causing a
program to free the space twice. Note that this C99 requirement to avoid
freeing the pointer is in contrast to POSIX -- see the discussion on the
austin-group-l list starting with this post:
https://www.opengroup.org/sophocles/show_mail.tpl?CALLER=show_archive.tpl&source=L&listname=austin-group-l&id=15252

$ cat <<EOF | gcc -xc - && ./a.out 
#include <stdlib.h>

int main(void) {
    void *p, *q;

    p = malloc(1);
    q = realloc(p, 0);

    if (p && !q)
        free(p);

    return 0;
}
EOF
*** glibc detected *** double free or corruption (fasttop): 0x0000000000501010
***
Aborted

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]