realloc is generally used incorrectly
most but not all uses of realloc() in vlc are incorrect.
one correct instance: npolibvlc.cpp
1694 char **moreOptions = (char **)realloc(options, capacity*sizeof(char*));
1695 if( ! moreOptions )
1696 {
1697     /* failed to allocate more memory */
1698     free(s);
1699     /* return what we got so far */
1700     *i_options = nOptions;
1701     *ppsz_options = options;
1702     return;
1703 }
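note that it doesn't do: foo = realloc(foo, size); when realloc fails it returns NULL and leaves the original block allocated, so assigning the result straight back to foo overwrites the only pointer to that block. the code can then neither free the old block nor hand back what it had so far, and foo is NULL for whatever uses it next.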
libs/loader/win32.c
* line 3248 -- com_object_table=realloc(com_object_table, sizeof(struct COM_OBJECT_INFO)*(++com_object_size));
projects/mozilla/control/npolibvlc.cpp
* line 1694 -- char **moreOptions = (char **)realloc(options, capacity*sizeof(char*));
* line 1759 -- char **moreOptions = (char **)realloc(options, capacity*sizeof(char*));
bin/winvlc.c
* line 66 -- argv = realloc (argv, (argc + 2) * sizeof (char *));
modules/audio_output/waveout.c
* line 1184 -- (char **)realloc( p_item->ppsz_list,
* line 1187 -- (char **)realloc( p_item->ppsz_list_text,
modules/audio_output/alsa.c
* line 1005 -- (char **)realloc( p_item->ppsz_list,
* line 1008 -- (char **)realloc( p_item->ppsz_list_text,
modules/audio_filter/converter/dtstospdif.c
* line 133 -- p_filter->p_sys->p_buf = realloc( p_filter->p_sys->p_buf,
modules/access_output/http.c
* line 410 -- realloc( p_sys->p_header, p_sys->i_header_allocated );
modules/mux/ogg.c
* line 537 -- p_sys->pp_del_streams = realloc( p_sys->pp_del_streams,
modules/mux/mp4.c
* line 603 -- realloc( p_stream->entry,
* line 1973 -- p_bo->p_buffer = realloc( p_bo->p_buffer, p_bo->i_buffer_size );
modules/mux/avi.c
* line 486 -- p_sys->idx1.entry = realloc( p_sys->idx1.entry,
modules/demux/ogg.c
* line 658 -- realloc( p_sav = p_stream->p_headers, p_stream->i_headers +
modules/demux/live555.cpp
* line 350 -- p_sdp = (uint8_t*)realloc( p_sdp, i_sdp_max );
modules/demux/ts.c
* line 2946 -- psz_extra = realloc( psz_extra, strlen(psz_extra) + strlen(psz_text) + 1 );
* line 2962 -- psz_extra = realloc( psz_extra, strlen(psz_extra) + strlen(psz_dsc) + strlen(psz_itm) + 3 + 1 );
modules/demux/subtitle.c
* line 751 -- txt->line = realloc( txt->line, i_line_max * sizeof( char * ) );
* line 919 -- psz_text = realloc( psz_text, i_old + i_len + 1 + 1 );
* line 1042 -- realloc( p_sys->psz_header,
* line 1275 -- psz_text = realloc( psz_text, i_old + i_len + 1 + 1 );
* line 1382 -- psz_text = realloc( psz_text, i_old + strlen( s ) + 1 );
* line 1528 -- psz_text = realloc( psz_text, i_old + i_len + 1 + 1 );
* line 1674 -- psz_text = realloc( psz_text, i_old + i_len + 1 );
* line 1922 -- psz_text = realloc( psz_text, i_old + i_len + 1 + 1 );
modules/demux/gme.cpp
* line 523 -- out_buffer = (uint8_t *)realloc(out_buffer, out_size);
* line 538 -- out_buffer = (uint8_t *)realloc(out_buffer, *pi_osize);
modules/demux/mkv/chapters.cpp
* line 65 -- title.seekpoint = (seekpoint_t**)realloc( title.seekpoint, title.i_seekpoint * sizeof( seekpoint_t* ) );
modules/demux/mkv/matroska_segment.cpp
* line 172 -- p_indexes = (mkv_index_t*)realloc( p_indexes, sizeof( mkv_index_t ) * i_index_max );
* line 366 -- p_indexes = (mkv_index_t*)realloc( p_indexes, sizeof( mkv_index_t ) * i_index_max );
modules/demux/nuv.c
* line 920 -- p_idx->idx = realloc( p_idx->idx,
modules/demux/avi/avi.c
* line 2145 -- tk->p_index = realloc( tk->p_index,
modules/demux/playlist/asx.c
* line 92 -- buf = *ppsz_string = realloc (*ppsz_string, buf - *ppsz_string);
* line 255 -- p_sys->psz_data = realloc( p_sys->psz_data, p_sys->i_data_len * sizeof( char * ) +1 );
modules/demux/playlist/xspf.c
* line 522 -- pp = realloc( p_demux->p_sys->pp_tracklist,
modules/demux/ps.h
* line 589 -- tmp_es = realloc( p_psm->es, sizeof(ps_es_t *) * (p_psm->i_es+1) );
modules/stream_out/raop.c
* line 1158 -- p_sys->p_sendbuf = realloc( p_sys->p_sendbuf, i_realloc_len );
modules/stream_out/mosaic_bridge.c
* line 403 -- p_bridge->pp_es = realloc( p_bridge->pp_es,
modules/stream_out/bridge.c
* line 299 -- p_bridge->pp_es = realloc( p_bridge->pp_es,
modules/services_discovery/sap.c
* line 745 -- decomp = realloc (decomp, newsize + 1);
modules/access/jack.c
* line 543 -- p_sys->pp_jack_port_table = realloc( p_sys->pp_jack_port_table,
modules/access/mms/buffer.c
* line 78 -- p_buf->p_data = realloc( p_buf->p_data, p_buf->i_size );
* line 108 -- p_buf->p_data = realloc( p_buf->p_data, p_buf->i_size );
modules/access/mms/mmstu.c
* line 1316 -- p_sys->p_header = realloc( p_sys->p_header,
modules/access/dvb/en50221.c
* line 1097 -- p_data = realloc( p_capmt, i_capmt_size + 6 + i_size );
* line 1099 -- p_data = realloc( p_capmt, i_capmt_size + 5 );
modules/access/rtp/session.c
* line 116 -- rtp_pt_t *ppt = realloc (ses->ptv, (ses->ptc + 1) * sizeof (rtp_pt_t));
* line 287 -- tab = realloc (session->srcv, (session->srcc + 1) * sizeof (*tab));
modules/access/rtsp/real.c
* line 692 -- buf = realloc(buf, strlen(challenge2) + strlen(checksum) + 32);
* line 695 -- buf = realloc(buf, strlen(session_id) + 32);
* line 699 -- buf = realloc(buf, strlen(mrl) + 32);
* line 705 -- buf = realloc(buf, strlen(session_id) + 32);
* line 708 -- buf = realloc(buf, strlen(mrl) + 32);
modules/access/dc1394.c
* line 177 -- node_list = realloc( node_list, sizeof(dc_camera) * (num_cameras+nodecount) );
modules/access/dshow/dshow.cpp
* line 1066 -- p_sys->pp_streams = (dshow_stream_t **)realloc( p_sys->pp_streams,
* line 1934 -- (char **)realloc( p_item->ppsz_list,
* line 1937 -- (char **)realloc( p_item->ppsz_list_text,
modules/codec/vorbis.c
* line 328 -- realloc( p_dec->fmt_in.p_extra, p_dec->fmt_in.i_extra +
* line 464 -- realloc( p_dec->fmt_out.p_extra, p_dec->fmt_out.i_extra );
modules/codec/subtitles/subsdec.c
* line 399 -- psz_subtitle = realloc( psz_new_subtitle,
* line 542 -- psz_text_start = realloc( psz_text_start, strlen( psz_text_start ) + 1 );
* line 882 -- psz_html_start = realloc( psz_html_start, i_buf_size );
* line 899 -- psz_html_start = realloc( psz_html_start, psz_html - psz_html_start + 1 );
modules/codec/subtitles/subsusf.c
* line 1117 -- psz_text_start = realloc( psz_text_start, strlen( psz_text_start ) + 1 );
modules/codec/cmml/xstrcat.h
* line 40 -- psz_string = (char *) realloc( psz_string, i_new_string_length );
modules/codec/quicktime.c
* line 592 -- p_sys->p_buffer = realloc( p_sys->p_buffer, p_sys->i_buffer_size );
modules/codec/dvbsub.c
* line 923 -- realloc( p_region->p_object_defs,
* line 1139 -- realloc( p_region->p_object_defs[i].psz_text,
* line 2042 -- realloc( p_sys->p_regions, sizeof(encoder_region_t) *
modules/codec/theora.c
* line 219 -- realloc( p_dec->fmt_in.p_extra, p_dec->fmt_in.i_extra +
* line 408 -- realloc( p_dec->fmt_out.p_extra, p_dec->fmt_out.i_extra );
* line 713 -- realloc( p_enc->fmt_out.p_extra,
modules/codec/flac.c
* line 365 -- realloc( p_dec->fmt_out.p_extra, p_dec->fmt_out.i_extra );
* line 1348 -- realloc( p_sys->p_buffer, p_aout_buf->i_nb_bytes * 2 );
modules/codec/kate.c
* line 234 -- realloc( p_dec->fmt_in.p_extra, p_dec->fmt_in.i_extra + kp.nbytes + 2 );
* line 355 -- realloc( p_dec->fmt_out.p_extra, p_dec->fmt_out.i_extra );
modules/codec/faad.c
* line 237 -- p_sys->p_buffer = realloc( p_sys->p_buffer, p_sys->i_buffer_size );
modules/codec/avcodec/audio.c
* line 324 -- p_sys->p_output = realloc(p_sys->p_output, p_block->i_buffer);
modules/codec/speex.c
* line 313 -- realloc( p_dec->fmt_in.p_extra, p_dec->fmt_in.i_extra +
* line 399 -- realloc( p_dec->fmt_out.p_extra, p_dec->fmt_out.i_extra );
modules/misc/freetype.c
* line 1717 -- realloc( *ppp_styles, *pi_runs * sizeof( ft_style_t * ) );
* line 1736 -- realloc( *ppi_run_lengths, *pi_runs * sizeof( uint32_t ) );
modules/misc/text_renderer.h
* line 446 -- realloc( *ppi_k_durations,
* line 458 -- realloc( *ppi_k_run_lengths,
modules/misc/quartztext.c
* line 531 -- *ppp_styles = (ATSUStyle *) realloc( *ppp_styles, *pi_runs * sizeof( ATSUStyle ) );
* line 538 -- *ppi_run_lengths = (uint32_t *) realloc( *ppi_run_lengths, *pi_runs * sizeof( uint32_t ) );
modules/packetizer/vc1.c
* line 333 -- p_es->p_extra = realloc( p_dec->fmt_out.p_extra, p_es->i_extra );
modules/packetizer/mpeg4video.c
* line 369 -- realloc( p_dec->fmt_out.p_extra, p_frag->i_buffer );
modules/video_output/msw/directx.c
* line 2054 -- (char **)realloc( p_item->ppsz_list,
* line 2057 -- (char **)realloc( p_item->ppsz_list_text,
modules/control/rc.c
* line 2239 -- ppsz_options = realloc( ppsz_options, i_options * sizeof(char *) );
modules/control/telnet.c
* line 582 -- psz_message = realloc( psz_message, i_message );
* line 590 -- psz_message = realloc( psz_message, i_message );
* line 600 -- psz_message = realloc( psz_message, i_message );
modules/control/http/macro.c
* line 367 -- p_items = realloc( p_items, (i_nb_items + 1) *
* line 403 -- p_items = realloc( p_items, (i_nb_items + 1) *
* line 1117 -- *pp_data = realloc( *pp_data, *pi_data );
modules/control/http/mvar.c
* line 80 -- v->field = realloc( v->field, sizeof( mvar_t * ) * ( v->i_field + 2 ) );
* line 101 -- v->field = realloc( v->field, sizeof( mvar_t * ) * ( v->i_field + 2 ) );
modules/control/http/util.c
* line 97 -- *pp_data = realloc( *pp_data, *pi_data + 1025 );
modules/video_filter/gaussianblur.c
* line 204 -- p_sys->pt_buffer = realloc( p_sys->pt_buffer,
modules/video_filter/mosaic.c
* line 259 -- realloc( p_sys->pi_x_offsets, i_index * sizeof(int) );
* line 265 -- realloc( p_sys->pi_y_offsets, i_index * sizeof(int) );
* line 361 -- p_sys->ppsz_order = realloc( p_sys->ppsz_order,
* line 871 -- p_sys->ppsz_order = realloc( p_sys->ppsz_order,
modules/video_filter/bluescreen.c
* line 179 -- p_sys->p_at = realloc( p_sys->p_at, i_lines * i_pitch * sizeof( uint8_t ) );
modules/video_filter/dynamicoverlay/dynamicoverlay_list.c
* line 85 -- p_list->pp_head = realloc( p_list->pp_head,
modules/video_filter/rss.c
* line 759 -- p_feed->p_items = (struct rss_item_t *)realloc( p_feed->p_items, p_feed->i_items * sizeof( struct rss_item_t ) );
src/libvlc.c
* line 865 -- psz_modules = (char *)realloc( psz_modules, strlen( psz_modules ) +
src/modules/entry.c
* line 254 -- tab = realloc (tab, (confsize + 17) * sizeof (*tab));
src/modules/modules.c
* line 1184 -- realloc( p_bank->pp_cache, (p_bank->i_cache + 1) * sizeof(void *) );
src/network/httpd.c
* line 560 -- answer->p_body = realloc( answer->p_body, answer->i_body );
src/network/io.c
* line 508 -- psz_line = realloc( psz_line, i_max );
src/misc/variables.c
* line 210 -- p_priv->p_vars = realloc( p_priv->p_vars,
* line 383 -- p_priv->p_vars = realloc( p_priv->p_vars,
src/misc/messages.c
* line 456 -- psz_header = (char*)realloc( psz_header, i_header_size );
src/extras/libc.c
* line 807 -- *pp_data = realloc( *pp_data, *pi_data + 1025 );
src/video_output/video_output.c
* line 1609 -- psz_filter = realloc( psz_filter, strlen( psz_filter ) +
src/control/media_list_path.h
* line 65 -- *p_path = realloc( *p_path, sizeof(int)*(old_deepness+2));
src/input/es_out.c
* line 2219 -- es->fmt.p_extra = realloc( es->fmt.p_extra, p_fmt->i_extra );
* line 2231 -- realloc( es->p_dec->fmt_in.p_extra, p_fmt->i_extra );
src/input/stream.c
* line 802 -- p_sys->p_peek = realloc( p_sys->p_peek, i_read );
* line 1171 -- p_sys->p_peek = realloc( p_sys->p_peek, i_read );
* line 1589 -- p_line = realloc( p_line, i_line + i_data + s->p_text->i_char_width ); /* add \0 */
* line 1602 -- p_line = realloc( p_line, i_line + STREAM_PROBE_LINE + s->p_text->i_char_width );
src/input/vlmshell.c
* line 651 -- psz_line = realloc( psz_line, strlen(psz_line) + strlen(ppsz_property[j]) + 1 + 1 );
include/vlc_arrays.h
* line 45 -- (p_ar) = VLCCVP realloc( p_ar, ((i_oldsize) + 1) * sizeof(*(p_ar)) ); \
* line 67 -- (p_ar) = realloc( p_ar, ((i_oldsize) - 1) * sizeof( *(p_ar) ) ); \
* line 94 -- (tab) = cast realloc( tab, sizeof( void ** ) * ( (count) + 1 ) ); \
* line 144 -- (tab) = cast realloc( tab, sizeof( void ** ) * ( (count) + 1 ) ); \
* line 193 -- (array).p_elems = VLCCVP realloc( (array).p_elems, (array).i_alloc * \
libs/loader/registry.c
* line 299 -- regs=(struct reg_value*)realloc(regs, sizeof(struct reg_value)*(reg_size+1));
modules/demux/live555.cpp
* line 1006 -- p_sys->track = (live_track_t**)realloc( p_sys->track, sizeof( live_track_t ) * ( p_sys->i_track + 1 ) );
modules/demux/subtitle.c
* line 472 -- if( !( p_sys->subtitle = realloc( p_sys->subtitle,
modules/demux/vobsub.c
* line 549 -- p_sys->track = realloc( p_sys->track, sizeof( vobsub_track_t ) * (p_sys->i_tracks + 1 ) );
* line 607 -- current_tk->p_subtitles = realloc( current_tk->p_subtitles, sizeof( subtitle_t ) * (current_tk->i_subtitles + 1 ) );
modules/demux/asademux.c
* line 288 -- newstr = (char *)xrealloc(newstr, newstr_size);
* line 295 -- newstr = (char *)xrealloc(newstr, newstr_size + 1);
* line 342 -- state->matches = asai_chunk_alloc(state->matches, v, rv);
* line 384 -- state->out = (char *)xrealloc(state->out,
modules/demux/subtitle_asa.c
* line 283 -- if( !( p_sys->subtitle = realloc( p_sys->subtitle, sizeof(subtitle_t)
modules/services_discovery/sap.c
* line 1463 -- psz_dst = (unsigned char *)realloc( psz_dst, n * 1000 );
modules/access/mms/mmsh.c
* line 754 -- p_sys->p_header = realloc( p_sys->p_header, p_sys->i_header );
modules/codec/cmml/xarray.c
* line 53 -- xarray->array = (void *) realloc (xarray->array, xarray->size * 2); \
modules/codec/cmml/xurl.c
* line 438 -- psz_string = (char *) realloc( psz_string, i_new_string_length );
modules/gui/qnx/vout.c
* line 320 -- if( ( p_event = realloc( p_event, i_buflen ) ) == NULL )
modules/control/http/macro.c
* line 152 -- *pp_data = realloc( *pp_data, *pi_data ); \
src/text/strings.c
* line 667 -- dst = realloc( dst, i_size = i_size + len );\
* line 682 -- dst = realloc( dst, i_size = i_size + len );\
src/input/input.c
* line 2893 -- attachment = realloc( attachment,
while i'm at it, there's no need to do: if (foo) x=realloc(foo, size); else x=malloc(size); realloc(0, size) will do the right thing, because realloc with a null pointer behaves like malloc(size).
oh, one more thing: libs/loader/win32.c
498 static void* my_realloc(void* memory, int size)
499 {
500     void *ans = memory;
501     int osize;
502     if (memory == NULL)
503         return my_mreq(size, 0);
504     osize = my_size(memory);
505     if (osize < size)
506     {
507         ans = my_mreq(size, 0);
508         memcpy(ans, memory, osize);
509         my_release(memory);
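the return value of my_mreq at line 507 is never checked, so if that allocation fails the memcpy at line 508 is handed a failed (presumably NULL) destination and crashes.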