
Possible memory leak #20

Description

@Florisheinen1

I have encountered an error with a possible memory leak and an out-of-bounds memory access as a result:

buffer/buffer.c

Lines 134 to 138 in 736ba3c

```c
buffer_resize(buffer_t *self, size_t n) {
  n = nearest_multiple_of(1024, n);
  self->len = n;                                     /* len updated before realloc result is known */
  self->alloc = self->data = realloc(self->alloc, n + 1); /* original pointer overwritten on failure */
  if (!self->alloc) return -1;
```

  1. The len variable gets set even when the realloc call fails, resulting in out-of-bounds reads and writes.
  2. According to the C reference, the original pointer is still valid if the reallocation fails. In the current implementation, it immediately overwrites both self->alloc as well as self->data before it returns, making it impossible to free the original allocation. Unless of course the caller has a copy of the allocation pointer, but that seems quite unlikely to me.

Fixing this would be relatively straightforward, through some reordering of statements and storing the reallocation result in a temporary value.
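The reordering described above, as an added example that is not the project's own code: `buffer_t`, `nearest_multiple_of` and the `checked_realloc` failure hook are assumed stand-ins so the failed-realloc path can be exercised without exhausting memory.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed minimal stand-in for the project's buffer_t: only the fields
 * touched by buffer_resize are modelled. */
typedef struct {
  size_t len;
  char *alloc;
  char *data;
} buffer_t;

/* Hook (assumption, not in the project) to simulate one realloc failure. */
static int fail_next_realloc = 0;

static void *checked_realloc(void *p, size_t n) {
  if (fail_next_realloc) { fail_next_realloc = 0; return NULL; }
  return realloc(p, n);
}

/* Assumed rounding helper: smallest multiple of a that is >= b. */
static size_t nearest_multiple_of(size_t a, size_t b) {
  return (b / a + (b % a != 0)) * a;
}

/* Hardened resize: the result goes into a temporary, and len/alloc/data are
 * only updated once reallocation succeeded. On failure the buffer keeps its
 * original allocation, so it stays readable and freeable. */
int buffer_resize_fixed(buffer_t *self, size_t n) {
  n = nearest_multiple_of(1024, n);
  char *tmp = checked_realloc(self->alloc, n + 1);
  if (!tmp) return -1;               /* nothing in *self was modified */
  self->alloc = self->data = tmp;
  self->len = n;
  self->alloc[n] = '\0';
  return 0;
}

/* Failure path check: returns 1 if a failed resize left the original
 * pointer, len and contents intact (constructed sample data). */
int resize_failure_preserves_buffer(void) {
  buffer_t b;
  b.len = 8;
  b.alloc = b.data = malloc(9);
  if (!b.alloc) return 0;
  memcpy(b.alloc, "original", 9);
  char *before = b.alloc;
  fail_next_realloc = 1;
  int rc = buffer_resize_fixed(&b, 4096);
  int ok = rc == -1 && b.alloc == before && b.len == 8 &&
           strcmp(b.data, "original") == 0;
  free(b.alloc);                     /* original allocation still valid */
  return ok;
}
```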
