Dolphin Smalltalk 7

BUG OF THE MONTH | A vulnerability in memory handling

V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer ‘elems’ is lost. Consider assigning realloc() to a temporary pointer. compiler.cpp 2922

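POTE Compiler::ParseByteArray() {
  while (m_ok && !ThisTokenIsClosing()) {
    if (elemcount>=maxelemcount) {
      _ASSERTE(maxelemcount > 0);
      maxelemcount *= 2;
      // V701: if realloc() returns NULL here, the old block's address is lost
      elems = (BYTE*)realloc(elems, maxelemcount*sizeof(BYTE));
    }
    // ... rest of the loop is not shown in this excerpt
  }
  // ... rest of the function is not shown in this excerpt
}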

This code is potentially dangerous: we recommend using a separate variable to store the result of realloc(). The realloc() function changes the size of a memory block. If it cannot do so at that moment, it returns a null pointer and leaves the original block allocated. With a construct like ptr = realloc(ptr, …), that null pointer overwrites ptr, the only reference to the block, so the block can no longer be used or freed. Here the pointer in question is 'elems'.
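The temporary-pointer pattern recommended above, as an added example that is not code from the original post or from Dolphin Smalltalk. All names (ByteBuf, push_byte, ReallocFn, failing_realloc, demo) are hypothetical; the example goes slightly beyond the warning by also rejecting a capacity doubling that would wrap, and it injects a failing allocator to show that the original block survives.

```cpp
#include <cstdint>
#include <cstdlib>

// Hypothetical names throughout; this is not Dolphin Smalltalk code.
using ReallocFn = void* (*)(void*, std::size_t);

struct ByteBuf {
    unsigned char* elems = nullptr;
    std::size_t count = 0;
    std::size_t cap = 0;
};

// Appends one byte, doubling capacity when full. Returns false on failure,
// leaving elems, count and cap exactly as they were before the call.
bool push_byte(ByteBuf* buf, unsigned char b, ReallocFn ra = std::realloc) {
    if (buf->count >= buf->cap) {
        if (buf->cap > SIZE_MAX / 2) return false;  // doubling would wrap
        std::size_t newcap = buf->cap ? buf->cap * 2 : 16;
        // Temporary pointer: a null result must not overwrite buf->elems.
        void* tmp = ra(buf->elems, newcap);
        if (tmp == nullptr) return false;  // old block is still owned by buf
        buf->elems = static_cast<unsigned char*>(tmp);
        buf->cap = newcap;
    }
    buf->elems[buf->count++] = b;
    return true;
}

// Test double that simulates allocation failure (constructed for this example).
void* failing_realloc(void*, std::size_t) { return nullptr; }

// Fills a buffer to capacity, forces one failed grow, then checks the state.
// Returns 0 if the original block survived the failure intact.
int demo() {
    ByteBuf buf;
    for (int i = 0; i < 16; ++i)
        if (!push_byte(&buf, static_cast<unsigned char>(i))) return 1;
    unsigned char* before = buf.elems;
    if (push_byte(&buf, 0xFF, failing_realloc)) return 2;  // must report failure
    if (buf.elems != before || buf.count != 16 || buf.cap != 16) return 3;
    if (buf.elems[15] != 15) return 4;     // contents untouched
    if (!push_byte(&buf, 0xFF)) return 5;  // real realloc: growth resumes
    int rc = (buf.count == 17 && buf.cap == 32 && buf.elems[16] == 0xFF) ? 0 : 6;
    std::free(buf.elems);  // the block is still reachable, so it can be freed
    return rc;
}

int main() { return demo(); }
```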
