On Thu, Jun 05, 2014 at 09:04:25AM -0600, Theo de Raadt wrote:
> + if (optr != NULL) {
> + _dl_write(STDERR_FILENO, msg1, sizeof(msg1) - 1);
> + _dl_exit(7);
> + }
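Review bot: The `optr != NULL` branch ends the process with `_dl_exit(7)` instead of resizing, so a later caller that passes an existing allocation gets a run-time abort from a function it would reasonably expect to behave like realloc. If the restriction stays, it should be stated in a comment directly above the check, and the text behind `msg1` should name the function so the failure can be traced from stderr. The bare exit status 7 would also read better as a named constant. The alternative is to handle a non-NULL `optr` by allocating a new block, copying the old contents across and freeing the old block.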
>
> I think this is a trap. A true realloc is not much to add. It can
> be the simple "always realloc" method, since actually that is better
> for security right off the bat....
Indeed nicer. atm it does not make a difference, since
_dl_reallocarray is always called with NULL. I'll write up a simple
realloc tonight.
-Otto
