[libcxx-commits] [libcxx] [libc++] Fix realloc bug in ios.cpp (PR #177526)
via libcxx-commits
libcxx-commits at lists.llvm.org
Thu Jan 22 20:59:18 PST 2026
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-libcxx
Author: None (v-zhangxiaomeng5)
<details>
<summary>Changes</summary>
When realloc fails in the function register_callback in ios.cpp, the memory will be leaked, then __fn_ is assignes as nullptr, dereferencing __fn_ causes UB.
This fix aligns register_callback to iword & pword for realloc, i.e. return directly if realloc fails.
---
Full diff: https://github.com/llvm/llvm-project/pull/177526.diff
1 Files Affected:
- (modified) libcxx/src/ios.cpp (+6-2)
``````````diff
diff --git a/libcxx/src/ios.cpp b/libcxx/src/ios.cpp
index 02ce4841187fb..077389eafd61b 100644
--- a/libcxx/src/ios.cpp
+++ b/libcxx/src/ios.cpp
@@ -180,12 +180,16 @@ void ios_base::register_callback(event_callback fn, int index) {
if (req_size > __event_cap_) {
size_t newcap = __ios_new_cap<event_callback>(req_size, __event_cap_);
event_callback* fns = static_cast<event_callback*>(realloc(__fn_, newcap * sizeof(event_callback)));
- if (fns == 0)
+ if (fns == 0) {
setstate(badbit);
+ return;
+ }
__fn_ = fns;
int* indxs = static_cast<int*>(realloc(__index_, newcap * sizeof(int)));
- if (indxs == 0)
+ if (indxs == 0) {
setstate(badbit);
+ return;
+ }
__index_ = indxs;
__event_cap_ = newcap;
}
``````````
</details>
https://github.com/llvm/llvm-project/pull/177526
More information about the libcxx-commits
mailing list