It is my understanding that if realloc returns NULL, it did nothing.
You then proceed to allocate and copy manually.
As far as I understand you should also free e0 afterwards. This should
be confirmed by someone who knows the code.

Maarten.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fix-a-potential-leak.patch
Type: application/octet-stream
Size: 677 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/fontconfig/attachments/20081109/c692da98/attachment.obj

On Sat, Nov 8, 2008 at 7:32 PM, Maarten Maathuis <madman2003 at gmail.com> wrote:
> It is my understanding that if realloc returns NULL, it did nothing.
> You then proceed to allocate and copy manually.
> As far as I understand you should also free e0 afterwards. This should
> be confirmed by someone who knows the code.

I think that the free will fail, or do bad things, when e0 was
pointing inside a block that was mmapped, which is the case where the
!e branch gets taken (either that, or the system is out of memory).

pat

On Sun, Nov 9, 2008 at 2:01 AM, Patrick Lam <prof.lam at gmail.com> wrote:
> On Sat, Nov 8, 2008 at 7:32 PM, Maarten Maathuis <madman2003 at gmail.com> wrote:
>> It is my understanding that if realloc returns NULL, it did nothing.
>> You then proceed to allocate and copy manually.
>> As far as I understand you should also free e0 afterwards. This should
>> be confirmed by someone who knows the code.
>
> I think that the free will fail, or do bad things, when e0 was
> pointing inside a block that was mmapped, which is the case where the
> !e branch gets taken (either that, or the system is out of memory).
>
> pat
>

I suppose there are no sane reasons for realloc to fail other than
plain running out of memory or mmap. It slipped my mind.

Maarten.
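
The two points raised in this thread (a failed realloc leaves the old block untouched, and a pointer into an mmapped region must never be handed to free or realloc) can be made explicit by tracking ownership. This is an added example, not part of the thread and not fontconfig's code; `struct buf`, `buf_grow` and `buf_release` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array whose storage is either borrowed (for example,
 * pointing inside an mmapped cache file) or owned (obtained from malloc). */
struct buf {
    int    *data;
    size_t  len;
    int     owned;   /* 1: data came from malloc/realloc; 0: borrowed */
};

/* Grow-only resize to new_len elements; new elements are zeroed.
 * Returns 0 on success, -1 on failure. On failure *b is unchanged. */
int buf_grow(struct buf *b, size_t new_len)
{
    int *p;
    if (new_len <= b->len || new_len > SIZE_MAX / sizeof *p)
        return -1;                  /* not a growth, or size would overflow */
    if (b->owned) {
        /* realloc returning NULL leaves b->data allocated and intact, so
         * take the result in a temporary and keep b->data on failure. */
        p = realloc(b->data, new_len * sizeof *p);
        if (!p)
            return -1;
    } else {
        /* Borrowed storage must not reach realloc or free: allocate a
         * fresh block and copy out of the mapping instead. */
        p = malloc(new_len * sizeof *p);
        if (!p)
            return -1;
        if (b->len)
            memcpy(p, b->data, b->len * sizeof *p);
        b->owned = 1;
    }
    memset(p + b->len, 0, (new_len - b->len) * sizeof *p);
    b->data = p;
    b->len = new_len;
    return 0;
}

/* Free only what the heap handed out; borrowed memory is left alone. */
void buf_release(struct buf *b)
{
    if (b->owned)
        free(b->data);
    b->data = NULL;
    b->len = 0;
    b->owned = 0;
}
```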