delete_io_handle: fix deletion of last handle

When num_ios goes from 1 to 0, a realloc(ios, 0); call is made.
This is equivalent to free(ios) and NULL is returned.

However, the previous logic in the code incorrectly discards this NULL
return value. When we next call new_io_handle(), realloc(ios, X) is
called with "ios" pointing to freed memory. This causes glibc to abort.

Correct this logic to detect the 1-to-0 case and handle it correctly.
Other cases are unchanged; there is still value in checking the
return value from realloc() as it also returns NULL on error.

Signed-off-by: Daniel Drake <>
Reviewed-by: Alan Coopersmith <>
1 file changed
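
The 1-to-0 handling described in the commit message, as an added sketch that is not the project's code: the names `ios`, `num_ios`, `new_io_handle` and `delete_io_handle` come from the message, while `struct io_handle`, the signatures and the accessor functions are assumptions made for illustration. It frees the array explicitly when the last handle goes away instead of calling `realloc(ios, 0)`, and keeps the old pointer when a shrinking `realloc()` fails.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical handle table; names follow the commit message only. */
struct io_handle { int fd; };
static struct io_handle *ios = NULL;
static size_t num_ios = 0;

/* Append a handle. Returns 0 on success, -1 if realloc() fails. */
int new_io_handle(int fd)
{
    struct io_handle *tmp = realloc(ios, (num_ios + 1) * sizeof(*ios));
    if (tmp == NULL)
        return -1;              /* the old block is still valid here */
    ios = tmp;
    ios[num_ios++].fd = fd;
    return 0;
}

/* Remove the handle at idx. Returns 0 on success, -1 on a bad index. */
int delete_io_handle(size_t idx)
{
    if (idx >= num_ios)
        return -1;
    memmove(&ios[idx], &ios[idx + 1], (num_ios - idx - 1) * sizeof(*ios));
    num_ios--;
    if (num_ios == 0) {
        /* 1-to-0 case: release explicitly and clear the pointer, so the
         * next realloc(ios, ...) starts from NULL, not a freed block. */
        free(ios);
        ios = NULL;
        return 0;
    }
    struct io_handle *tmp = realloc(ios, num_ios * sizeof(*ios));
    if (tmp != NULL)            /* NULL here is a real error: keep old block */
        ios = tmp;
    return 0;
}

/* Accessors used to check the table state. */
size_t io_handle_count(void) { return num_ios; }
int io_table_released(void) { return ios == NULL && num_ios == 0; }
int io_handle_fd(size_t idx) { return idx < num_ios ? ios[idx].fd : -1; }
```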