From 699dc2618df280782967694050cf9ad1b4c18dca Mon Sep 17 00:00:00 2001 From: moritz <> Date: Tue, 4 Apr 2006 11:21:50 +0000 Subject: [PATCH] When tdelete() is used to delete the root node, don't return a pointer to the freed root node, but return a pointer to the new root node. POSIX does not define, what should be returned in that case. Fixes Coverity CID 2528. ok millert@ otto@ --- src/lib/libc/stdlib/tsearch.3 | 4 ++-- src/lib/libc/stdlib/tsearch.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lib/libc/stdlib/tsearch.3 b/src/lib/libc/stdlib/tsearch.3 index 589f0574..ebc521ba 100644 --- a/src/lib/libc/stdlib/tsearch.3 +++ b/src/lib/libc/stdlib/tsearch.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tsearch.3,v 1.13 2006/01/30 19:50:41 jmc Exp $ +.\" $OpenBSD: tsearch.3,v 1.14 2006/04/04 11:21:50 moritz Exp $ .\" .\" Copyright (c) 1997 Todd C. Miller .\" @@ -74,7 +74,7 @@ and .Fn tsearch . If the node to be deleted is the root of the binary search tree, .Fa rootp -will be adjusted. +will be adjusted and a pointer to the new root will be returned. .Pp .Fn twalk walks the binary search tree rooted in diff --git a/src/lib/libc/stdlib/tsearch.c b/src/lib/libc/stdlib/tsearch.c index a5d0c2b9..667c5773 100644 --- a/src/lib/libc/stdlib/tsearch.c +++ b/src/lib/libc/stdlib/tsearch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tsearch.c,v 1.5 2005/03/30 18:51:49 pat Exp $ */ +/* $OpenBSD: tsearch.c,v 1.6 2006/04/04 11:21:50 moritz Exp $ */ /* * Tree search generalized from Knuth (6.2.2) Algorithm T just like @@ -86,6 +86,8 @@ tdelete(const void *vkey, void **vrootp, q->right = (*rootp)->right; } } + if (p == *rootp) + p = q; free((struct node_t *) *rootp); /* D4: Free node */ *rootp = q; /* link parent to new node */ return(p);