From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 19293 invoked by alias); 25 Aug 2004 23:22:18 -0000
Mailing-List: contact glibc-bugs-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sources.redhat.com
Received: (qmail 19271 invoked by uid 48); 25 Aug 2004 23:22:16 -0000
Date: Wed, 25 Aug 2004 23:22:00 -0000
From: "peak at argo dot troja dot mff dot cuni dot cz"
To: glibc-bugs@sources.redhat.com
Message-ID: <20040825232212.346.peak@argo.troja.mff.cuni.cz>
Reply-To: sourceware-bugzilla@sources.redhat.com
Subject: [Bug libc/346] New: wierd memory reallocation in _IO_vasprintf()
X-Bugzilla-Reason: CC
X-SW-Source: 2004-08/txt/msg00186.txt.bz2
List-Id:

There is the following piece of code in _IO_vasprintf() (libio/vasprintf.c):

  ...
  /* Only use realloc if the size we need is of the same order of
     magnitude then the memory we allocated. */
  needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
  allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
  if ((allocated << 1) <= needed)
    *result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
  else
  ...

Afaik, the following inequality holds for any consistent writable instance of
struct _IO_FILE:

  _IO_write_base <= _IO_write_ptr <= _IO_write_end

therefore allocated >= needed - 1, and consequently (allocated << 1) > needed
whenever allocated > 1 (and it is not big enough to overflow in << 1). This
makes the condition of the "if" statement rather pointless.

Should the condition read (allocated >> 1) <= needed?

--
           Summary: wierd memory reallocation in _IO_vasprintf()
           Product: glibc
           Version: 2.3.3
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: peak at argo dot troja dot mff dot cuni dot cz
                CC: glibc-bugs at sources dot redhat dot com

http://sources.redhat.com/bugzilla/show_bug.cgi?id=346

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
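
The inequality argument in the report can be checked by brute force. The following is an added example, not glibc code and not part of the original message: it walks every consistent state write_base <= write_ptr <= write_end for small buffers and counts how often each condition selects the realloc branch. The function names are hypothetical, and plain offsets stand in for the _IO_FILE pointers.

```c
#include <stddef.h>
#include <stdio.h>

/* Condition as quoted from libio/vasprintf.c in the report. */
static int quoted_cond(size_t allocated, size_t needed)
{
    return (allocated << 1) <= needed;
}

/* Condition the reporter asks about. */
static int proposed_cond(size_t allocated, size_t needed)
{
    return (allocated >> 1) <= needed;
}

/* Enumerate every consistent state for buffers of min_alloc..max_alloc
   bytes.  "used" models write_ptr - write_base, so 0 <= used <= allocated.
   Returns how many states make cond() choose the realloc branch. */
static unsigned long count_realloc(int (*cond)(size_t, size_t),
                                   size_t min_alloc, size_t max_alloc)
{
    unsigned long hits = 0;
    for (size_t allocated = min_alloc; allocated <= max_alloc; allocated++)
        for (size_t used = 0; used <= allocated; used++) {
            size_t needed = used + 1;   /* write_ptr - write_base + 1 */
            if (cond(allocated, needed))
                hits++;
        }
    return hits;
}

int main(void)
{
    /* The quoted test can only fire for degenerate buffers of 0 or 1 byte. */
    printf("quoted,   allocated >= 2: %lu\n",
           count_realloc(quoted_cond, 2, 512));
    printf("quoted,   allocated <= 1: %lu\n",
           count_realloc(quoted_cond, 0, 1));
    /* The proposed test fires whenever at least about half the buffer is used. */
    printf("proposed, allocated >= 2: %lu\n",
           count_realloc(proposed_cond, 2, 512));
    return 0;
}
```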