Most allocation functions (realloc, malloc, calloc) are checked for NULL return values, but a few are not:
./poptconfig.c: b = realloc(b, (nb + nse)); ./poptconfig.c- (void) stpcpy( stpcpy(&b[nb-1], " "), se); ./popt.c: t = realloc(t, tn); ./popt.c- te = stpcpy(t + pos, a); If either of those realloc calls fails, the next line dereferences a NULL pointer. Also, any use of realloc like those above introduces a leak whenever realloc fails. Instead, when realloc fails, the code should ensure that the original value of the pointer (b or t above) can still be freed. ______________________________________________________________________ POPT Library http://rpm5.org Developer Communication List popt-devel@rpm5.org