Bug 2684

Summary: calling realloc with a size <= 0
Product: Portable OpenSSH
Reporter: Tom <trix>
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: normal
CC: djm
Priority: P5
Version: -current
Hardware: amd64
OS: FreeBSD
Attachments:
Description: The fix for master branch at commit id d5499190559ebe374bcdfa8805408646ceffad64
Flags: none

Description Tom 2017-02-26 07:50:49 AEDT
Created attachment 2949
The fix for master branch at commit id d5499190559ebe374bcdfa8805408646ceffad64

Problem flagged by clang's static analyzer as:
Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131)

The fix is to check the inputs better.
See the attachment for the location/fix.

Comment 1 Damien Miller 2017-02-28 17:06:58 AEDT
realloc with 0 size is defined as per http://pubs.opengroup.org/onlinepubs/009695399/functions/realloc.html

> If size is 0, either a null pointer or a unique pointer that can be 
> successfully passed to free() shall be returned

Comment 2 Damien Miller 2021-04-23 14:55:52 AEST
closing resolved bugs as of 8.6p1 release