...
In this noncompliant example, a diagnostic is required because realloc() may free c_str1 when it returns a null pointer, resulting in c_str1 being freed twice. The committee's proposed response to Defect Report #400 makes it implementation-defined whether the old object is deallocated if size is zero and memory for the new object is not allocated, and the current implementation of realloc() in glibc will free c_str1 and return a null pointer for zero-byte allocations. Freeing a pointer twice can result in a potentially exploitable vulnerability commonly referred to as a "double-free exploit" [Seacord 2013].
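As an added illustration (not code from this page, the CERT standard or glibc), a wrapper that sidesteps the zero-size ambiguity entirely by never passing size 0 to realloc(), so the caller always has exactly one live block to free; the names safe_realloc, resize_str and demo_zero_resize are my own:

```c
#include <stdlib.h>
#include <string.h>

/*
 * Hardened realloc() wrapper (illustration, not the rule's own code).
 * It never hands a zero size to realloc(), so the implementation-defined
 * case described above (is the old object freed when NULL comes back for
 * size 0?) cannot arise. Contract: on success the returned pointer is the
 * only live block; on failure NULL is returned and ptr is still valid and
 * still owned by the caller, to be freed exactly once.
 */
void *safe_realloc(void *ptr, size_t size) {
    if (size == 0) {
        size = 1;   /* request the smallest real object instead of zero */
    }
    return realloc(ptr, size);
}

/*
 * Resize a NUL-terminated string buffer via safe_realloc(). Returns the
 * (possibly moved) buffer, or NULL on failure with *buf untouched, so
 * there is always one clear owner of the old block and no double free.
 */
char *resize_str(char **buf, size_t new_size) {
    char *tmp = safe_realloc(*buf, new_size);
    if (tmp == NULL) {
        return NULL;      /* *buf is still valid; caller frees it once */
    }
    *buf = tmp;
    if (new_size == 0) {
        (*buf)[0] = '\0'; /* a zero-size request yields an empty string */
    }
    return *buf;
}

/* Walk the scenario from the text: allocate, shrink to zero, free once.
 * Returns 0 on success, a negative code otherwise. */
int demo_zero_resize(void) {
    char *buf = malloc(16);
    if (buf == NULL) return -1;
    strcpy(buf, "hello");            /* constructed sample content */
    if (resize_str(&buf, 0) == NULL) { free(buf); return -2; }
    int ok = (buf[0] == '\0');
    free(buf);                       /* the single, unambiguous release */
    return ok ? 0 : -3;
}
```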
...