
#2678 ARP_Scan_Init doesn't properly verify realloc when arp cache needs to grow (5.7.2)

linux
accepted
None
5
2016-08-31
2015-10-27
No

When the arp cache needs to grow, the code calls realloc() and then compares the result against the old pointer to detect a failure (agent/mibgroup/mibII/at.c):

    if (i >= arptab_curr_max_size) {
        struct arptab *newtab = (struct arptab *)
            realloc(at, (sizeof(struct arptab) *
                         (arptab_curr_max_size + ARP_CACHE_INCR)));
        /* wrong test: realloc() may legitimately return the same pointer,
         * and signals failure by returning NULL, not the old pointer */
        if (newtab == at) {
            snmp_log(LOG_ERR,
                     "Error allocating more space for arpcache. "
                     "Cache will continue to be limited to %d entries",
                     arptab_curr_max_size);
            break;
        } else {
            arptab_curr_max_size += ARP_CACHE_INCR;
            at = newtab;
        }
    }

This results in an unexpected failure when the reallocation occurs in-place (i.e. 'at' == 'newtab'), since a grow that succeeds without moving the block is reported as an error. It also doesn't handle an actual memory allocation failure: when realloc() returns NULL the comparison fails, the size is bumped anyway, and NULL is stored into 'at'.
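A corrected version of the growth step, as an added example that is not net-snmp's code: the realloc result is tested against NULL, the caller's buffer stays valid on failure, and the allocator is passed in so an out-of-memory return can be simulated. The struct arptab here is a minimal stand-in (assumption), not the real net-snmp definition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARP_CACHE_INCR 64

/* Stand-in for net-snmp's struct arptab (assumption: the real struct
 * has more fields; only what this example needs is modelled). */
struct arptab {
    unsigned long at_iface;
    unsigned char at_enaddr[6];
};

/* Allocator hook so a test can simulate realloc() returning NULL. */
typedef void *(*realloc_fn)(void *, size_t);

/* Grow the cache by ARP_CACHE_INCR entries.
 * Returns 0 on success (*at and *curr_max updated) or -1 on failure;
 * on failure the caller's buffer and size are left untouched and valid. */
int arpcache_grow(struct arptab **at, int *curr_max, realloc_fn rfn)
{
    size_t new_max = (size_t)*curr_max + ARP_CACHE_INCR;
    struct arptab *newtab;

    /* Guard the size multiplication before handing it to realloc(). */
    if (new_max > SIZE_MAX / sizeof(struct arptab))
        return -1;

    /* realloc() into a temporary: NULL means failure and the old block is
     * still owned by the caller. Comparing newtab against *at (the original
     * check) would misreport an in-place grow as a failure. */
    newtab = rfn(*at, new_max * sizeof(struct arptab));
    if (newtab == NULL) {
        fprintf(stderr, "Error allocating more space for arpcache. "
                "Cache will continue to be limited to %d entries\n",
                *curr_max);
        return -1;
    }
    *at = newtab;
    *curr_max = (int)new_max;
    return 0;
}

/* Simulated allocation failure, used to exercise the error path. */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }
```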

Discussion

  • Niels Baggesen - 2016-08-31
    • status: open --> accepted
    • assigned_to: Niels Baggesen

  • Niels Baggesen - 2016-08-31

    Thanks for the report. It has been fixed on all active branches.
