The memory stream interface allows for a buffer size of zero.

The case of a zero-sized buffer was not handled correctly, as it could lead to a double free. This problem has now been fixed (hopefully). One might ask whether a zero-sized buffer should be allowed at all, but this is a question for another day.
jasper-software · Oct 20, 2016 · 44a524e · 44a524e
1 parent efb88eb
commit 44a524e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/libjasper/base/jas_stream.c b/src/libjasper/base/jas_stream.c
@@ -993,9 +993,10 @@ static int mem_resize(jas_stream_memobj_t *m, int bufsize)
 {
 	unsigned char *buf;
 
-	assert(m->buf_);
+	//assert(m->buf_);
 	assert(bufsize >= 0);
-	if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char)))) {
+	if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char))) &&
+	  bufsize) {
 		return -1;
 	}
 	m->buf_ = buf;