curl / Mailing Lists / curl-library / Single Mail


realloc: use Curl_saferealloc to avoid common mistakes

From: Daniel Stenberg <>
Date: Mon, 7 Nov 2016 15:16:36 +0100 (CET)

Hi team,

I'm suggesting we introduce a Curl_saferealloc() function to be used instead
of plain old realloc() where suitable.

The replacement makes sure to free the passed in memory area if realloc()
fails, but it does *not* free the memory area if the realloc'ed size is zero.

The intent is to address a common problem pattern our code has shown in the
past. We've allowed the size argument to get dynamically calculated and then
passed to realloc() and in some cases it could wrap and become zero. A
realloc() to 0 returns NULL *and* frees the memory area, which easily ends up
in a free-twice scenario.

This new function is meant to help us avoid this problem.

The attached patch introduce the function and changes most uses of realloc()
to use the new function. It didn't really fit in every case so there are still
a handful calls to plain realloc() left.

Comments or thoughts on this?


List admin:

Received on 2016-11-07