Home Dashboard Directory Help
Search

AtlSafeRealloc() treats failures inconsistently and this leads to memory leaks by Dmitry Me


Status: 

Closed
 as Fixed Help for as Fixed


1
0
Sign in
to vote
Type: Bug
ID: 714791
Opened: 12/20/2011 12:43:36 AM
Access Restriction: Public
Moderator Decision: Sent to Engineering Team for consideration
0
Workaround(s)
view
0
User(s) can reproduce this bug

Description

This behavior is observed in version 10.0.40219.1 SP1Rel

atlbase.h contains this code:


template <class T, class Reallocator>
_Ret_opt_count_(cEls) T* AtlSafeRealloc(
    _In_opt_ T* pT,
    _In_ size_t cEls) throw()
{
    T* pTemp;

    size_t nBytes=0;
    if(FAILED(::ATL::AtlMultiply(&nBytes, cEls, sizeof(T))))
    {
        return NULL;
    }
    pTemp = static_cast<T*>(Reallocator::Reallocate(pT, nBytes));
    if (pTemp == NULL)
    {
        Reallocator::Free(pT);
        return NULL;
    }
    pT = pTemp;
    return pTemp;
}

Note that if reallocation fails the original block is freed and null pointer is returned. Yet if multiplication fails the original block is not freed and null pointer is returned. The caller has no chance to know which of the two happened when null is returned. The caller can't attempt to free the block - that would yield double-free and undefined behavior if the block was actually freed by AtlSafeRealloc(). If the block is not freed by AtlSafeRealloc() and null is returned the block will be leaked.
Details
Sign in to post a comment.
Posted by Microsoft on 1/23/2012 at 10:29 AM
Hello Dmitry,

This problem has been fixed in next release of Visual Studio. Thank you very much for your feedback.

Lukasz Chodorski
Windows C++ Libraries Team
Posted by MS-Moderator09 [Feedback Moderator] on 12/20/2011 at 6:10 PM
Thank you for submitting feedback on Visual Studio 2010 and .NET Framework. Your issue has been routed to the appropriate VS development team for review. We will contact you if we require any additional information.
Posted by MS-Moderator01 on 12/20/2011 at 1:43 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)
Sign in to post a workaround.