On Thu, Jun 05, 2014 at 09:04:25AM -0600, Theo de Raadt wrote: > + if (optr != NULL) { > + _dl_write(STDERR_FILENO, msg1, sizeof(msg1) - 1); > + _dl_exit(7); > + } > > I think this is a trap. A true realloc is not much to add. It can > be the simple "always realloc" method, since actually that is better > for security right off the bat....
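Review bot: the `optr != NULL` branch ends the process through `_dl_exit(7)` for any non-NULL pointer, so the function does not behave as a realloc for any caller that passes an existing allocation. If this check stays in, a comment at the check saying that only NULL is supported would make the restriction visible to future callers. Separately, `sizeof(msg1) - 1` equals the message length only if `msg1` is declared as a char array; its declaration is not visible in these lines, so confirm it is not a pointer.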
Indeed nicer. atm it does not make a difference, since _dl_reallocarray is always called with NULL. I'll write up a simple realloc tonight.

-Otto