
possible invalid usage of realloc

Open · Dushistov opened this issue 4 years ago · 1 comment

Here:

https://github.com/couchbaselabs/fleece/blob/60bfb99bfed50329a2a8c3a3fb0cacea074ea799/Fleece/Tree/MutableNode.hh#L332

operator new/delete is defined as:

    static void* operator new(size_t size, unsigned capacity) {
        return ::operator new(size + capacity*sizeof(NodeRef));
    }

but then

    MutableInterior* grow() {
        assert_precondition(capacity() < kMaxChildren);
        auto replacement = (MutableInterior*)realloc(this,

Should malloc/free be used instead of ::operator new in the first place, to make it possible to use realloc here?

Dushistov · May 26 '20 20:05
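The pattern the issue asks for, as an added example that is not fleece's code: a node type whose trailing child storage is sized at allocation time, where the class-specific `operator new` draws from `malloc` and `operator delete` returns to `free`, so that growing with `realloc` is a defined operation. `GrowableNode`, `NodeRef` (a stand-in for fleece's type, which is not shown on the page), `append`, `grow` and `demo_grow` are all hypothetical names chosen for this example. Calling `realloc` on a block obtained from `::operator new` is the undefined behaviour the issue describes; this version never does that.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

// Hypothetical stand-in for fleece's NodeRef; only its size matters here.
struct NodeRef { void* ptr; };

// Hypothetical node with capacity_ NodeRef slots stored directly after the object.
// alignas keeps the trailing NodeRef array correctly aligned.
struct alignas(NodeRef) GrowableNode {
    unsigned capacity_;
    unsigned count_;

    // Allocation comes from malloc, not ::operator new, so realloc in grow() is valid.
    static void* operator new(size_t size, unsigned capacity) {
        void* p = std::malloc(size + capacity * sizeof(NodeRef));
        if (!p) throw std::bad_alloc();
        return p;
    }
    // Matching placement delete, used only if the constructor throws.
    static void operator delete(void* p, unsigned) noexcept { std::free(p); }
    // Usual delete: must release with the same allocator the block came from.
    static void operator delete(void* p) noexcept { std::free(p); }

    explicit GrowableNode(unsigned capacity) : capacity_(capacity), count_(0) {}

    static GrowableNode* create(unsigned capacity) {
        return new (capacity) GrowableNode(capacity);
    }

    unsigned capacity() const { return capacity_; }
    unsigned count() const { return count_; }

    // The child slots live immediately after this object in the same block.
    NodeRef* children() { return reinterpret_cast<NodeRef*>(this + 1); }

    // Resize in place when possible; the object is trivially copyable, so a
    // bitwise move by realloc preserves its state. After this call `this` may
    // be freed, so callers must continue with the returned pointer.
    GrowableNode* grow(unsigned newCapacity) {
        assert(newCapacity > capacity_);
        void* p = std::realloc(this, sizeof(GrowableNode) + newCapacity * sizeof(NodeRef));
        if (!p) throw std::bad_alloc();
        auto* replacement = static_cast<GrowableNode*>(p);
        replacement->capacity_ = newCapacity;
        return replacement;
    }

    // Append a child, growing first if the node is full; returns the node to use.
    GrowableNode* append(NodeRef ref) {
        GrowableNode* self = (count_ < capacity_) ? this : grow(capacity_ * 2);
        self->children()[self->count_++] = ref;
        return self;
    }
};

struct DemoResult { unsigned capacity; unsigned count; int sum; };

// Build a node with two slots, add three children (forcing a grow), and
// verify the children survived the reallocation. Values are constructed.
DemoResult demo_grow() {
    static int a = 1, b = 2, c = 3;
    GrowableNode* node = GrowableNode::create(2);
    node = node->append(NodeRef{&a});
    node = node->append(NodeRef{&b});
    node = node->append(NodeRef{&c});   // capacity 2 -> 4 via realloc
    DemoResult r{node->capacity(), node->count(), 0};
    for (unsigned i = 0; i < node->count(); ++i)
        r.sum += *static_cast<int*>(node->children()[i].ptr);
    delete node;                        // frees through the malloc-backed delete
    return r;
}

int main() {
    DemoResult r = demo_grow();
    std::printf("capacity=%u count=%u sum=%d\n", r.capacity, r.count, r.sum);
    return 0;
}
```

The two rules this enforces are the ones the issue turns on: every path that allocates the node uses `malloc`, and every path that releases it uses `free`, so `realloc` is never handed a block from a different allocator. Keeping the node trivially copyable is what makes the bitwise move performed by `realloc` safe.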

Yes, they should. I've seen the UB Sanitizer point this out, but it's never seemed high priority enough to fix at the moment. Patch welcome! :)

[In any case, the tree code is experimental, and isn't used in Couchbase Lite. I.e. it gets dead-stripped.]

snej · Jun 03 '20 17:06