Snort mailing list archives

sfbpf_realloc() question

From: Bill Parker <wp02855 () gmail com>
Date: Tue, 22 Sep 2015 14:33:27 -0700

Hello All,

    In reviewing code in snort-2.9.x, where calls to sfbpf_realloc() are
made, as below, if realloc() fails, it returns a NULL value, which will
clobber what YY_CURRENT_BUFFER_LVALUE->yy_ch_buf points to (which would be
NULL), but according to the C9x standard, when realloc() returns NULL, the
original buffer is unchaged.

Shouldn't a temporary variable be used to keep track of the above memory
location, in the event sfbpf_realloc() fails?  (unless YY_FATAL_ERROR
causes DAQ to terminate?):

{
                /* Extend the array by 50%, plus the number we really need.
*/
                yy_size_t new_size = (yy_n_chars) + number_to_move +
((yy_n_chars) >> 1);
                YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *)
sfbpf_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size  );
                if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
                        YY_FATAL_ERROR( "out of dynamic memory in
yy_get_next_buffer()" );
        }

        (yy_n_chars) += number_to_move;

Bill

------------------------------------------------------------------------------

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

sfbpf_realloc() question Bill Parker (Sep 22)