Dolphin Smalltalk 7

A vulnerability in memory handling

V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer ‘elems’ is lost. Consider assigning realloc() to a temporary pointer. compiler.cpp 2922

POTE Compiler::ParseByteArray()
{
  NextToken();
  while (m_ok && !ThisTokenIsClosing())
  {
    if (elemcount>=maxelemcount)
    {
      _ASSERTE(maxelemcount > 0);
      maxelemcount *= 2;
      elems = (BYTE*)realloc(elems, maxelemcount*sizeof(BYTE));
    }
    ....
  }
  ....
}

This code is potentially dangerous: we recommend using a separate variable to store the result of realloc(). The realloc() function changes the size of a memory block. If the block cannot be resized at that moment, realloc() returns a null pointer and leaves the original block allocated. With a construct like ptr = realloc(ptr, …), that null pointer overwrites ptr, so the only pointer referring to the original memory block is lost.
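The pattern the warning recommends, as an added example that is not Dolphin Smalltalk's code (ByteBuf, grow, push, sys_realloc and failing_realloc are hypothetical names): the realloc() result goes into a temporary, and an injected allocator that always fails shows the original block staying valid and freeable.

```cpp
#include <stdint.h>
#include <stdlib.h>

// Hypothetical names throughout; this is not Dolphin Smalltalk's code.
typedef void* (*ReallocFn)(void*, size_t);
struct ByteBuf { unsigned char* elems; size_t count; size_t capacity; };

static void* sys_realloc(void* p, size_t n) { return realloc(p, n); }
// Test double: always fails, simulating memory exhaustion.
static void* failing_realloc(void*, size_t) { return nullptr; }

// Doubles the capacity. On failure returns false and leaves buf untouched,
// so the caller still owns (and can free) the original block.
static bool grow(ByteBuf* buf, ReallocFn re) {
    if (buf->capacity > SIZE_MAX / 2) return false;    // doubling would overflow
    size_t newcap = buf->capacity ? buf->capacity * 2 : 16;
    void* tmp = re(buf->elems, newcap);                // result goes to a temporary
    if (tmp == nullptr) return false;                  // buf->elems is still valid
    buf->elems = static_cast<unsigned char*>(tmp);
    buf->capacity = newcap;
    return true;
}

static bool push(ByteBuf* buf, unsigned char b, ReallocFn re) {
    if (buf->count >= buf->capacity && !grow(buf, re)) return false;
    buf->elems[buf->count++] = b;
    return true;
}

// Fills the buffer to capacity, then forces one growth to fail.
// Returns true if the push was rejected and the stored bytes survived.
static bool failed_growth_keeps_data() {
    ByteBuf buf = {nullptr, 0, 0};
    for (int i = 0; i < 16; ++i)
        if (!push(&buf, (unsigned char)i, sys_realloc)) return false;
    unsigned char* before = buf.elems;
    bool pushed = push(&buf, 0xFF, failing_realloc);
    bool intact = !pushed && buf.elems == before && buf.count == 16 &&
                  buf.capacity == 16 && buf.elems[0] == 0 && buf.elems[15] == 15;
    free(buf.elems);   // still possible: the pointer was never overwritten
    return intact;
}

int main() { return failed_growth_keeps_data() ? 0 : 1; }
```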

