use after free in grep?

Eitan Adler Wed, 19 Dec 2012 23:14:02 -0800

Hey,

in xrealloc_impl


338   new_ptr = realloc(ptr, new_size);
339   if (new_ptr != NULL)
340     {
341       hash_table_del(xmalloc_table, ptr);

^^^ isn't this a use-after-free of ptr?

§7.22.3.5.2 says that ptr is deallocated after the call to realloc.

342       hash_table_add(xmalloc_table, new_ptr, (int)new_size, file,
line, func);
343     }



-- 
Eitan Adler
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"

use after free in grep?

Reply via email to