stdio-common: Fix a crash in scanf input specifier tests [BZ #32857]
authorMaciej W. Rozycki <macro@redhat.com>
Sat, 23 Aug 2025 00:02:10 +0000 (01:02 +0100)
committerMaciej W. Rozycki <macro@redhat.com>
Sat, 23 Aug 2025 00:02:46 +0000 (01:02 +0100)
Fix a null pointer dereference causing a crash in 'read_real' when the
terminating null character is written for use with the subsequent call
to 'nan' for NaN reference input using null 'n-char-sequence', such as:

%a:nan():1:5:nan():

by moving the memory allocation call ahead of the check for the closing
parenthesis.

No test case added as it's a test case issue in the first place.

Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
stdio-common/tst-scanf-format-real.h

index fc7f39e7602d2a93fb085b6882faf8aa837556a1..9ed8dc00a19a7ed9f244b5171272fe44dad5b687 100644 (file)
@@ -207,6 +207,11 @@ out:                                                                       \
        if (ch == '(')                                                  \
          while (1)                                                     \
            {                                                           \
+             if (i == seq_size)                                        \
+               {                                                       \
+                 seq_size += SIZE_CHUNK;                               \
+                 seq = xrealloc (seq, seq_size);                       \
+               }                                                       \
              ch = read_input ();                                       \
              if (ch == ')')                                            \
                break;                                                  \
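Review bot: The growth check now at the top of the `while (1)` loop only protects the later `seq[i] = '\0'` store when the loop is actually entered. That store, visible in the following hunk, appears to sit at the same level as `if (ch == '(')`, so if a path without an opening parenthesis can reach it with `seq` still unallocated, the same null dereference would remain. The initialisation of `seq` and `seq_size` is outside the hunk, so this needs confirming. The ordering is also easy to undo by accident, so I would add a comment above the check such as `/* Grow before reading so a slot for the terminating null exists even for an empty sequence.  */`, with the macro's trailing backslash. The macro body starts and ends outside the hunk.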
@@ -219,11 +224,6 @@ out:                                                                       \
                  v = NAN;                                              \
                  goto out;                                             \
                }                                                       \
-             if (i == seq_size)                                        \
-               {                                                       \
-                 seq_size += SIZE_CHUNK;                               \
-                 seq = xrealloc (seq, seq_size);                       \
-               }                                                       \
              seq[i++] = ch;                                            \
            }                                                           \
        seq[i] = '\0';                                                  \