[PATCH:xdm 1/2] Only free input or output to realloc, not both
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Mar 6 17:01:55 PST 2015
In error cleanup path, check to see if realloc returned NULL,
if so, free the still valid input pointer; otherwise the input is
no longer valid, so ignore it and free the realloc output pointer.
Avoids potential double free if you run out of memory at the exact
right spot.
Introduced-by: commit d39dbde390f0f609c03dbd79f0bcc6a3486ca8a3
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
xdm/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xdm/util.c b/xdm/util.c
index 2e2cdd7..732ae35 100644
--- a/xdm/util.c
+++ b/xdm/util.c
@@ -233,8 +233,8 @@ parseArgs (char **argv, const char *string)
save = malloc ((unsigned) (string - word + 1));
if (!newargv || !save) {
LogOutOfMem ("parseArgs");
- free (argv);
- free (newargv);
+ /* free whichever survived realloc() */
+ free (newargv ? newargv : argv);
free (save);
return NULL;
} else {
--
1.7.9.2
More information about the xorg-devel
mailing list