[flac-dev] Behavior of safe_realloc_add_2op_()

Miroslav Lichvar mlichvar at redhat.com
Wed Jul 18 10:30:41 UTC 2018

I'm looking at an issue reported by the Coverity static analyzer.
In iconvert() in src/share/utf8/iconvert.c on line 152 there is

newbuf = safe_realloc_add_2op_(utfbuf, ...);

If the request size is not valid, the function will free utfbuf and
return 0. This is followed by goto fail and utfbuf is freed for the
second time. A simply fix would be to set utfbuf to 0 if newbuf is 0.
However, this would create a leak in the case when the size is ok, but
the reallocation itself failed. Should safe_realloc_add_2op_() be
changed to use safe_realloc_() instead of realloc()? Is there any code
in flac that relies on the current behavior?

Miroslav Lichvar

More information about the flac-dev mailing list