Re: ClamAV infinite loop

Stephen Gran wrote:
> On Sun, Nov 27, 2005 at 02:03:59PM +0000, Nigel Horne said:
>
> > On Wed, 2005-11-16 at 21:41, Brian Bebeau wrote:
> >
> >
> > > cli_realloc() doesn't fail, so it never breaks out of the loop
> > > from that.
> >
> > > From cli_realloc:
> >
> >    if(!size || size > MAX_ALLOCATION) {
> >        cli_errmsg("Attempt to allocate %d bytes. Please report to
> > bugs@xxxxxxxxxx\n", size);
> >        return NULL;
> >    }
> >
> > Looks like a failure to me!
>
>
> That only fails if the size parmaeter is NULL or too big. 

Untrue, it can also fail if the call to realloc fails.

It is true that from realloc(3): "If realloc()
fails the original block is left untouched - it is not freed or moved."

In this case I would argue that it would be better, and more consistent,
for cli_realloc to fail, since for clamAV the action of realloc to
return the original pointer if realloc fails is useless. But that is an 
issue with cli_realloc, NOT with mbox.c as implied by the OP.

--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
njh@xxxxxxxxxxxxx http://www.bandsman.co.uk
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html