AtlSafeRealloc() treats failures inconsistently and this leads to memory leaks - by Dmitry Me

Status : 

  Fixed<br /><br />
		This item has been fixed in the current or upcoming version of this product.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 714791 Comments
Status Closed Workarounds
Type Bug Repros 0
Opened 12/20/2011 12:43:36 AM
Access Restriction Public


This behavior is observed in version 10.0.40219.1 SP1Rel

atlbase.h contains this code:

template <class T, class Reallocator>
_Ret_opt_count_(cEls) T* AtlSafeRealloc(
	_In_opt_ T* pT,
	_In_ size_t cEls) throw()
	T* pTemp;

	size_t nBytes=0;
	if(FAILED(::ATL::AtlMultiply(&nBytes, cEls, sizeof(T))))
		return NULL;
	pTemp = static_cast<T*>(Reallocator::Reallocate(pT, nBytes));
	if (pTemp == NULL)
		return NULL;
	pT = pTemp;
	return pTemp;

Note that if reallocation fails the original block is freed and null pointer is returned. Yet if multiplication fails the original block is not freed and null pointer is returned. The caller has no chance to know which of the two happened when null is returned. The caller can't attempt to free the block - that would yield double-free and undefined behavior if the block was actually freed by AtlSafeRealloc(). If the block is not freed by AtlSafeRealloc() and null is returned the block will be leaked.
Sign in to post a comment.
Posted by Microsoft on 1/23/2012 at 10:29 AM
Hello Dmitry,

This problem has been fixed in next release of Visual Studio. Thank you very much for your feedback.

Lukasz Chodorski
Windows C++ Libraries Team
Posted by EricLeong [Feedback Moderator] on 12/20/2011 at 6:10 PM
Thank you for submitting feedback on Visual Studio 2010 and .NET Framework. Your issue has been routed to the appropriate VS development team for review. We will contact you if we require any additional information.
Posted by MS-Moderator01 on 12/20/2011 at 1:43 AM
Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(