- Compute the correct size to reallocate when doubling the size of the

array of loaded objects to avoid a buffer overrun.
- Use reallocf() to avoid leaking memory if the realloc() fails.

PR:		kern/175648
Submitted by:	yuri@rawbw.com (1)
MFC after:	1 week
This commit is contained in:
John Baldwin 2013-01-28 15:48:31 +00:00
parent c71535cdd3
commit 4e67575ec9

View File

@ -44,7 +44,8 @@ map_iter(const rd_loadobj_t *lop, void *arg)
if (phdl->nobjs >= phdl->rdobjsz) {
phdl->rdobjsz *= 2;
phdl->rdobjs = realloc(phdl->rdobjs, phdl->rdobjsz);
phdl->rdobjs = reallocf(phdl->rdobjs, sizeof(*phdl->rdobjs) *
phdl->rdobjsz);
if (phdl->rdobjs == NULL)
return (-1);
}