Hi,

On Tuesday, 2018-03-27 12:30:13 -0500, Derek Martin wrote:
> > void mutt_mem_free(void *ptr)
> > {
> >   void **p = (void **) ptr;
> >   if (*p)
> >   {
> >     free(*p);
> >     *p = 0;
> > ...
> char *x = (char *)malloc(buffsz);
> /* do some stuff with x */
> ...
> mutt_mem_free(x);
>
> /* later... */
> if (x) do_some_stuff();
>
> This would likely crash, or at worst behave unexpectedly, because x
> was not set to NULL when mutt_mem_free() was called on it.

It would ill-behave even earlier because mutt_mem_free() would
effectively call free(*x) thus attempting to free a memory block that
the content of the memory at x points to. Hopefully memory management
would terminate the process at that point.. but with chance it could be
interpreted as a valid memory block pointer and whatever may happen..

  Eike

-- 
OpenPGP/GnuPG encrypted mail preferred in all private communication.
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918 630B 6A6C D5B7 6563 2D3A
Care about Free Software, support the FSFE https://fsfe.org/support/?erack
Use LibreOffice! https://www.libreoffice.org/
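The misuse discussed in this message, as an added example that is not part of the original mail or of mutt's code: it shows which value free() would be handed when the buffer itself is passed instead of its address, and a compile-time guard against that call. The closing braces of mutt_mem_free(), the FREE_PP macro and both helper functions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Body as quoted in the thread; the closing braces are assumed. */
void mutt_mem_free(void *ptr)
{
    void **p = (void **) ptr;
    if (*p)
    {
        free(*p);
        *p = 0;
    }
}

/* Hypothetical wrapper: sizeof(**(pp)) compiles only when pp is a
 * pointer to a pointer, so FREE_PP(x) with char *x fails at build time. */
#define FREE_PP(pp) do { (void) sizeof(**(pp)); mutt_mem_free(pp); } while (0)

/* Hypothetical helper: the value mutt_mem_free(x) would pass to free(),
 * i.e. the buffer's first bytes read as a pointer. Nothing is freed. */
uintptr_t misuse_free_target(const char *x)
{
    uintptr_t v;
    memcpy(&v, x, sizeof v);
    return v;
}

/* Correct call passes &x; returns 1 if x was reset to NULL. */
int correct_use_nulls_pointer(void)
{
    char *x = malloc(64);
    if (!x) return -1;
    memset(x, 'A', 64);            /* constructed buffer content */
    FREE_PP(&x);
    return x == NULL;
}

int main(void)
{
    char *x = malloc(64);
    if (!x) return 1;
    memset(x, 'A', 64);            /* constructed buffer content */
    printf("buffer at %p, misuse would call free(%#jx)\n",
           (void *) x, (uintmax_t) misuse_free_target(x));
    FREE_PP(&x);
    printf("after FREE_PP(&x): x is %s\n", x ? "dangling" : "NULL");
    return 0;
}
```

Because the parameter is declared `void *`, the compiler accepts both `mutt_mem_free(x)` and `mutt_mem_free(&x)` without a diagnostic; the sizeof guard in the wrapper is what turns the first form into a build error.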