Date: Mon, 16 Apr 2018 20:54:35 +0300
From: Alexander Monakov <amonakov@...ras.ru>
To: musl@...ts.openwall.com
Subject: [PATCH 1/2] malloc: fix an over-allocation bug
Fix an instance where realloc code would overallocate by OVERHEAD bytes.
Manually arrange for reuse of the memcpy-free-return exit sequence.
---
src/malloc/malloc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 9e05e1d6..1af4ae5a 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -397,10 +397,9 @@ void *realloc(void *p, size_t n)
size_t newlen = n + extra;
/* Crash on realloc of freed chunk */
if (extra & 1) a_crash();
- if (newlen < PAGE_SIZE && (new = malloc(n))) {
- memcpy(new, p, n-OVERHEAD);
- free(p);
- return new;
+ if (newlen < PAGE_SIZE && (new = malloc(n-OVERHEAD))) {
+ n0 = n;
+ goto copy_free_ret;
}
newlen = (newlen + PAGE_SIZE-1) & -PAGE_SIZE;
if (oldlen == newlen) return p;
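Review bot: the new `goto copy_free_ret` replaces a `free(p)` with the shared exit's `free(CHUNK_TO_MEM(self))`, so this branch now depends on `self` already being the chunk header for `p` at this point in realloc; that assignment is outside the hunk, so please confirm it precedes this check, and consider a one-line comment at the goto naming `new`, `n0` and `self` as the inputs the shared exit expects. The size change itself looks right: `n` here already carries OVERHEAD (the copy length is `n-OVERHEAD`, and the fallback path later in the function also calls `malloc(n-OVERHEAD)`), so `malloc(n)` was asking for OVERHEAD bytes more than needed, and `n0 = n` keeps the copy length identical to the removed `memcpy(new, p, n-OVERHEAD)`.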
@@ -443,6 +442,7 @@ copy_realloc:
/* As a last resort, allocate a new chunk and copy to it. */
new = malloc(n-OVERHEAD);
if (!new) return 0;
+copy_free_ret:
memcpy(new, p, n0-OVERHEAD);
free(CHUNK_TO_MEM(self));
return new;
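Review bot: `copy_free_ret:` now has two entry points with different preconditions, and nothing at the label says what they are; a short comment above it would help, e.g. "/* new: fresh allocation (non-null); n0: size whose payload n0-OVERHEAD is copied; self: old chunk to free */". The label sits after `if (!new) return 0;`, which is correct because the jump from the early path only happens when `malloc(n-OVERHEAD)` succeeded, but that ordering is load-bearing and easy to break in a later refactor, so the comment should also state that callers jumping here have already checked `new`.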
--
2.11.0