public inbox for glibc-bugs@sourceware.org
* [Bug libc/346] New: wierd memory reallocation in _IO_vasprintf()
@ 2004-08-25 23:22 peak at argo dot troja dot mff dot cuni dot cz
From: peak at argo dot troja dot mff dot cuni dot cz @ 2004-08-25 23:22 UTC
  To: glibc-bugs

There is the following piece of code in _IO_vasprintf() (libio/vasprintf.c):
  ...
  /* Only use realloc if the size we need is of the same order of
     magnitude then the memory we allocated.  */
  needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
  allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
  if ((allocated << 1) <= needed)
    *result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
  else
  ...
Afaik, the following inequality holds for any consistent writable instance of
struct _IO_FILE:
  _IO_write_base <= _IO_write_ptr <= _IO_write_end
therefore allocated >= needed - 1, and consequently (allocated << 1) > needed
whenever allocated > 1 (and it is not big enough to overflow in << 1). This
makes the condition of the "if" statement rather pointless. Should the condition
read (allocated >> 1) <= needed?

-- 
           Summary: wierd memory reallocation in _IO_vasprintf()
           Product: glibc
           Version: 2.3.3
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: peak at argo dot troja dot mff dot cuni dot cz
                CC: glibc-bugs at sources dot redhat dot com


http://sources.redhat.com/bugzilla/show_bug.cgi?id=346


* [Bug libc/346] wierd memory reallocation in _IO_vasprintf()
  2004-08-25 23:22 [Bug libc/346] New: wierd memory reallocation in _IO_vasprintf() peak at argo dot troja dot mff dot cuni dot cz
@ 2004-09-26  5:11 ` drepper at redhat dot com
From: drepper at redhat dot com @ 2004-09-26  5:11 UTC
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2004-09-26 05:11 -------
Yes, >> is correct.  Fixed in CVS.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sources.redhat.com/bugzilla/show_bug.cgi?id=346
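
Added example (not part of the original thread and not glibc's code): a C sweep over every consistent buffer state up to a given capacity, counting how often the reported `<<` test and the proposed `>>` test select the realloc branch. The function and struct names and the 4096 bound are assumptions made for illustration; needed and allocated are derived as in the quoted snippet.

```c
#include <stddef.h>
#include <stdio.h>

/* Test as quoted in the report: realloc only if 2*allocated <= needed. */
static int use_realloc_reported(size_t allocated, size_t needed)
{
    return (allocated << 1) <= needed;
}

/* Test proposed in the report: realloc if needed is at least allocated/2. */
static int use_realloc_proposed(size_t allocated, size_t needed)
{
    return (allocated >> 1) <= needed;
}

struct tally {
    size_t states;           /* consistent (allocated, used) pairs visited */
    size_t reported_true;    /* pairs where the << test picks realloc */
    size_t proposed_true;    /* pairs where the >> test picks realloc */
    size_t largest_reported; /* largest allocated where << test was true */
};

/* Visit every state with write_base <= write_ptr <= write_end and a
   capacity of at most max_alloc; needed = used + 1 as in the snippet. */
static struct tally sweep(size_t max_alloc)
{
    struct tally t = {0, 0, 0, 0};
    for (size_t allocated = 0; allocated <= max_alloc; allocated++) {
        for (size_t used = 0; used <= allocated; used++) {
            size_t needed = used + 1;
            t.states++;
            if (use_realloc_reported(allocated, needed)) {
                t.reported_true++;
                t.largest_reported = allocated; /* allocated only grows */
            }
            t.proposed_true += use_realloc_proposed(allocated, needed);
        }
    }
    return t;
}

int main(void)
{
    struct tally t = sweep(4096); /* constructed bound, not a glibc value */
    printf("states=%zu reported=%zu (largest allocated %zu) proposed=%zu\n",
           t.states, t.reported_true, t.largest_reported, t.proposed_true);
    return 0;
}
```

With the `<<` test the realloc branch is reached only for capacities 0 and 1, which matches the argument in the report.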
