From 4e67575ec91eb4255320be647872e3a5c83d53e9 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Mon, 28 Jan 2013 15:48:31 +0000 Subject: [PATCH] - Compute the correct size to reallocate when doubling the size of the array of loaded objects to avoid a buffer overrun. - Use reallocf() to avoid leaking memory if the realloc() fails. PR: kern/175648 Submitted by: yuri@rawbw.com (1) MFC after: 1 week --- lib/libproc/proc_rtld.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/libproc/proc_rtld.c b/lib/libproc/proc_rtld.c index 2a9ed39965b..52590493c4c 100644 --- a/lib/libproc/proc_rtld.c +++ b/lib/libproc/proc_rtld.c @@ -44,7 +44,8 @@ map_iter(const rd_loadobj_t *lop, void *arg) if (phdl->nobjs >= phdl->rdobjsz) { phdl->rdobjsz *= 2; - phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz); + phdl->rdobjs = reallocf(phdl->rdobjs, sizeof(*phdl->rdobjs) * + phdl->rdobjsz); if (phdl->rdobjs == NULL) return (-1); }