Stefan Bellon sbellon at
Fri Jan 2 04:42:14 PST 2004

David Marston wrote:

> Just to add to what Peter said, I don't think the setvbuf call will
> ever result in malloc(0) as do_buffer checks if the new buffer size is
> 0 before making that call.

Oh, you're right. I missed that surrounding if. Ok, it looks like the
problem is elsewhere, but weird anyway that this call then can trigger
a heap corruption that has its origin elsewhere.

Another question regarding exactly the same code in do_buffer():

  if (flag == _IOFBF || flag == _IOLBF) {
      if (newbufsize == 0) {
          (void) __set_errno (EINVAL);
          return EOF;
      }
  }

Is it correct to set EINVAL in that case? The Single Unix Specification
v3 only talks about EBADF as possible error code from a call to

Stefan Bellon
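The size check discussed above, as an added example that is not the library's do_buffer(): a hypothetical checked_setvbuf() wrapper rejects a zero-length buffer for full or line buffering (and an unknown mode) with EOF and errno set to EINVAL before any allocator or stream call is made; try_mode() is a small helper for exercising it on a fresh temporary stream.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper (assumed name, not the library's do_buffer):
 * validate mode and size before the stream or the heap is touched. */
int checked_setvbuf(FILE *stream, char *buf, int mode, size_t size)
{
    if (mode != _IOFBF && mode != _IOLBF && mode != _IONBF) {
        errno = EINVAL;          /* unknown buffering mode */
        return EOF;
    }
    /* Full/line buffering with a zero-length buffer would otherwise end
     * up at the allocator with a size of 0; refuse it up front. */
    if ((mode == _IOFBF || mode == _IOLBF) && size == 0) {
        errno = EINVAL;
        return EOF;
    }
    /* Unbuffered, or a usable size: hand over to the real setvbuf(). */
    return setvbuf(stream, buf, mode, size);
}

/* Demo helper: apply the wrapper to a fresh stream (setvbuf must precede
 * any I/O), return its result and report the errno it left behind. */
int try_mode(int mode, size_t size, int *saved_errno)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -2;               /* could not create a scratch stream */
    errno = 0;
    int rc = checked_setvbuf(fp, NULL, mode, size);
    *saved_errno = errno;
    fclose(fp);
    return rc;
}
```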
