[pacman-dev] [PATCH] BUG: Fix realloc of 0 bytes
From: Timothy Redaelli <timothy.redaelli@gmail.com> realloc with size == 0 can return NULL, and passing NULL to qsort will cause a SEGFAULT (CERT MEM04-C) --- lib/libalpm/be_local.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/libalpm/be_local.c b/lib/libalpm/be_local.c index 93763966..a734eba3 100644 --- a/lib/libalpm/be_local.c +++ b/lib/libalpm/be_local.c @@ -790,6 +790,9 @@ static int local_db_read(alpm_pkg_t *info, alpm_dbinfrq_t inforeq) memcpy(files[files_count].name, line, len); files_count++; } + if (files_count == 0) { + continue; + } /* attempt to hand back any memory we don't need */ files = realloc(files, sizeof(alpm_file_t) * files_count); /* make sure the list is sorted */ -- 2.2.0
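Review bot: the added check, if (files_count == 0) { continue; }, sits before the realloc and leaves files untouched, so if a buffer can already be allocated at that point with nothing stored in it, the continue skips both the shrink and any release of that buffer; free it there, or state in a comment that files is always NULL when the count is zero. A one-line comment above the check noting that realloc with size 0 may return NULL would also record why the zero case is handled separately. The context line files = realloc(files, sizeof(alpm_file_t) * files_count); still assigns the result straight back to files with no NULL check visible in the hunk, so a failed realloc for a non-zero count would lose the original pointer; assigning to a temporary first would cover that.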
On 19/12/14 20:11, tredaelli@archlinux.info wrote:
From: Timothy Redaelli <timothy.redaelli@gmail.com>
realloc with size == 0 can return NULL, and passing NULL to qsort will cause a SEGFAULT (CERT MEM04-C)
If there are no files, pacman will never enter this part of the code.
--- lib/libalpm/be_local.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/lib/libalpm/be_local.c b/lib/libalpm/be_local.c index 93763966..a734eba3 100644 --- a/lib/libalpm/be_local.c +++ b/lib/libalpm/be_local.c @@ -790,6 +790,9 @@ static int local_db_read(alpm_pkg_t *info, alpm_dbinfrq_t inforeq) memcpy(files[files_count].name, line, len); files_count++; } + if (files_count == 0) { + continue; + } /* attempt to hand back any memory we don't need */ files = realloc(files, sizeof(alpm_file_t) * files_count); /* make sure the list is sorted */
participants (2)
- Allan McRae
- tredaelli@archlinux.info