| Summary: | calling realloc with a size <= 0 |
|---|---|
| Product: | Portable OpenSSH |
| Reporter: | Tom <trix> |
| Component: | Miscellaneous |
| Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED WONTFIX |
| Severity: | normal |
| CC: | djm |
| Priority: | P5 |
| Version: | -current |
| Hardware: | amd64 |
| OS: | FreeBSD |
realloc with 0 size is defined as per http://pubs.opengroup.org/onlinepubs/009695399/functions/realloc.html

> If size is 0, either a null pointer or a unique pointer that can be
> successfully passed to free() shall be returned

closing resolved bugs as of 8.6p1 release
Created attachment 2949

The fix for master branch at commit id d5499190559ebe374bcdfa8805408646ceffad64

Problem flagged by clang's static analyzer as: Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131)

The fix is to check the inputs better. See the attachment for the location/fix
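
One way to check the inputs before a `realloc()` call, as an added example: it is not the patch in attachment 2949 and not OpenSSH code, and the helper name `checked_resize` and its signed `count` parameter are assumptions made for illustration. It goes slightly beyond the zero-size case by also rejecting negative counts and `count * elem_size` overflow, the size-calculation error that CWE-131 covers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * checked_resize() is a hypothetical helper written for this example.
 * It resizes *bufp to count elements of elem_size bytes. Returns 0 on
 * success and -1 on failure; on failure *bufp is untouched, so the
 * caller still owns the old block.
 */
int
checked_resize(void **bufp, long long count, size_t elem_size)
{
	void *tmp;

	/* Reject size <= 0 up front so realloc() never sees a 0 request. */
	if (bufp == NULL || count <= 0 || elem_size == 0) {
		errno = EINVAL;
		return -1;
	}
	/* count * elem_size must not wrap past SIZE_MAX (CWE-131). */
	if ((unsigned long long)count > SIZE_MAX / elem_size) {
		errno = ENOMEM;
		return -1;
	}
	tmp = realloc(*bufp, (size_t)count * elem_size);
	if (tmp == NULL)
		return -1;	/* old block is still valid */
	*bufp = tmp;
	return 0;
}

int
main(void)
{
	void *buf = NULL;
	long long lens[] = { 8, 0, -1, 32 };	/* constructed sample lengths */

	for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
		printf("count=%lld -> %d\n", lens[i],
		    checked_resize(&buf, lens[i], sizeof(int)));
	free(buf);
	return 0;
}
```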