Re: [bug #64551] Possible null pointer dereference on the function get_buffer

[Paul Smith]

On Sat, 2024-01-20 at 23:37 +0800, Haoxin Tu wrote:
> But I don't understand why the second invocation of `xrealloc` can
> not return zero, I apologize for any imprecise information I provided
> in the previous emails.

Because of what I said in my original reply:

> the entire point of xrealloc is that it never returns 0.

Look at the implementation of xrealloc():

  void *result = malloc (size ? size : 1);
  if (result == 0)
    OUT_OF_MEM();
  return result;

We know that OUT_OF_MEM() never returns.  So there's no way this
function can return 0.

It will, as Martin suggests, recurse infinitely (one assumes) because
fatal() calls xrealloc() again, and malloc() will return 0, so it will
call fatal(), which calls xrealloc() again, and malloc will return 0,
so it will call fatal(), etc. etc.--this is what I meant by my
imprecise comment "infinite loop" I should have said "infinite
recursion".

As a reminder this is moot: this code has been rewritten and even the
infinite recursion problem was removed from the code back in 2017.

-- 
Paul D. Smith <psmith@gnu.org>            Find some GNU make tips at:
https://www.gnu.org                       http://make.mad-scientist.net
"Please remain calm...I may be mad, but I am a professional." --Mad
Scientist