Most heap allocation functions are checked
for NULL return values, but a few are not:

./poptconfig.c:     b = realloc(b, (nb + nse));
./poptconfig.c-     (void) stpcpy( stpcpy(&b[nb-1], " "), se);

./popt.c:               t = realloc(t, tn);
./popt.c-               te = stpcpy(t + pos, a);

If either of those realloc calls fails, the next line
dereferences a NULL pointer.

Also, any use of realloc like those above introduces
a leak whenever realloc fails.

Instead, when realloc fails, the code should ensure
that the original value of the pointer (b or t above)
can still be freed.
POPT Library                                 
Developer Communication List             

Reply via email to