[libcxx-commits] [libcxx] [libc++] Fix realloc bug in ios.cpp (PR #177526)
via libcxx-commits
libcxx-commits at lists.llvm.org
Tue Jan 27 22:46:07 PST 2026
https://github.com/v-zhangxiaomeng5 updated https://github.com/llvm/llvm-project/pull/177526
>From f22dfd11fa0f183fbaef5892848687422b76738d Mon Sep 17 00:00:00 2001
From: v-zhangxiaomeng5 <v-zhangxiaomeng5 at xiaomi.com>
Date: Fri, 23 Jan 2026 11:21:26 +0800
Subject: [PATCH] [libc++] Fix realloc bug in ios.cpp
When realloc fails in the function register_callback, the memory will be leaked,
then __fn_ is assignes as nullptr, dereferencing __fn_ causes UB.
This fix aligns register_callback to iword & pword for realloc.
---
libcxx/src/ios.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libcxx/src/ios.cpp b/libcxx/src/ios.cpp
index 02ce4841187fb..077389eafd61b 100644
--- a/libcxx/src/ios.cpp
+++ b/libcxx/src/ios.cpp
@@ -180,12 +180,16 @@ void ios_base::register_callback(event_callback fn, int index) {
if (req_size > __event_cap_) {
size_t newcap = __ios_new_cap<event_callback>(req_size, __event_cap_);
event_callback* fns = static_cast<event_callback*>(realloc(__fn_, newcap * sizeof(event_callback)));
- if (fns == 0)
+ if (fns == 0) {
setstate(badbit);
+ return;
+ }
__fn_ = fns;
int* indxs = static_cast<int*>(realloc(__index_, newcap * sizeof(int)));
- if (indxs == 0)
+ if (indxs == 0) {
setstate(badbit);
+ return;
+ }
__index_ = indxs;
__event_cap_ = newcap;
}
More information about the libcxx-commits
mailing list