Bug 2684 - calling realloc with a size <= 0
Summary: calling realloc with a size <= 0
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous
Version: -current
Hardware: amd64 FreeBSD
Importance: P5 normal
Assignee: Assigned to nobody
 
Reported: 2017-02-26 07:50 AEDT by Tom
Modified: 2021-04-23 14:55 AEST

Attachments
The fix for master branch at commit id d5499190559ebe374bcdfa8805408646ceffad64 (859 bytes, patch)
2017-02-26 07:50 AEDT, Tom

Description Tom 2017-02-26 07:50:49 AEDT
Created attachment 2949
The fix for master branch at commit id d5499190559ebe374bcdfa8805408646ceffad64

Problem flagged by clang's static analyzer as:
Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131)

The fix is to check the inputs better.
See the attachment for the location/fix.
Comment 1 Damien Miller 2017-02-28 17:06:58 AEDT
realloc with 0 size is defined as per http://pubs.opengroup.org/onlinepubs/009695399/functions/realloc.html

> If size is 0, either a null pointer or a unique pointer that can be 
> successfully passed to free() shall be returned
Comment 2 Damien Miller 2021-04-23 14:55:52 AEST
closing resolved bugs as of 8.6p1 release
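
The point debated in this thread is that a size-0 realloc may return either a null pointer or a freeable pointer, so a caller cannot tell "empty" from "allocation failed" by the return value alone. The following is an added example, not part of the bug report, the attached patch, or OpenSSH; `resize_buf` is a hypothetical helper that never passes 0 to realloc and also rejects a wrapping `nmemb * size`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not OpenSSH code): resize *bufp to nmemb * size bytes.
 * Returns 0 on success, -1 with errno set on failure. On failure *bufp is
 * left untouched and is still owned by the caller. */
int resize_buf(void **bufp, size_t nmemb, size_t size)
{
    void *p;

    if (bufp == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Reject a product that would wrap around size_t. */
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return -1;
    }
    if (nmemb == 0 || size == 0) {
        /* realloc(ptr, 0) may return NULL or a unique pointer, so do not
         * call it: release the buffer and record "empty" explicitly. */
        free(*bufp);
        *bufp = NULL;
        return 0;
    }
    p = realloc(*bufp, nmemb * size);
    if (p == NULL)
        return -1;      /* genuine failure: the old block is still valid */
    *bufp = p;
    return 0;
}

int main(void)
{
    void *buf = NULL;   /* constructed demo values below */

    printf("grow to 4x8:   %d\n", resize_buf(&buf, 4, 8));
    printf("overflow:      %d\n", resize_buf(&buf, SIZE_MAX, 2));
    printf("shrink to 0:   %d (buf is %s)\n", resize_buf(&buf, 0, 8),
        buf == NULL ? "NULL" : "non-NULL");
    free(buf);
    return 0;
}
```

With this shape, a -1 return always means the original block survives, and a NULL `*bufp` after a 0 return always means the buffer was deliberately emptied.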