Commit 44a524e

The memory stream interface allows for a buffer size of zero.
The case of a zero-sized buffer was not handled correctly, as it could lead to a double free. This problem has now been fixed (hopefully). One might ask whether a zero-sized buffer should be allowed at all, but this is a question for another day.
1 parent efb88eb commit 44a524e

1 file changed: +3 -2 lines changed

Diff for: src/libjasper/base/jas_stream.c

@@ -993,9 +993,10 @@ static int mem_resize(jas_stream_memobj_t *m, int bufsize)
993993
{
994994
unsigned char *buf;
995995

996-
assert(m->buf_);
996+
//assert(m->buf_);
997997
assert(bufsize >= 0);
998-
if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char)))) {
998+
if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char))) &&
999+
bufsize) {
9991000
return -1;
10001001
}
10011002
m->buf_ = buf;
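
Review bot: With the added `&& bufsize` condition, a NULL return from jas_realloc2 for bufsize == 0 now falls through to `m->buf_ = buf;`, so the fix is only correct if jas_realloc2 has released the old buffer in exactly the cases where it returns NULL. For a zero-size request that is implementation-defined in standard realloc: if the underlying allocator returns NULL without freeing, the old buffer is leaked here, and nothing in this hunk distinguishes that case from a successful free. Consider handling bufsize == 0 explicitly before the call (release m->buf_, set it to NULL, return success) so the result does not depend on the allocator. The commented-out `//assert(m->buf_);` should also be deleted or replaced by a comment stating that m->buf_ may be NULL for a zero-sized buffer, rather than left as dead code.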
