mirrors/musl
1
0
Fork 0
mirror of https://git.musl-libc.org/git/musl synced 2025-01-09 00:02:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix memset overflow in oldmalloc race fix overhaul

Browse Source 
commit 3e16313f8f introduced this bug by
making the copy case reachable with n (new size) smaller than n0
(original size). this was left as the only way of shrinking an
allocation because it reduces fragmentation if a free chunk of the
appropriate size is available. when that's not the case, another
approach may be better, but any such improvement would be independent
of fixing this bug.
This commit is contained in:
Rich Felker 2020-06-16 00:34:12 -04:00
parent 4bd22b8f3e
commit cb5babdc8d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/malloc/oldmalloc/malloc.c
View File

@ -409,7 +409,7 @@ copy_realloc:
new = malloc(n-OVERHEAD);
if (!new) return 0;
copy_free_ret:
memcpy(new, p, n0-OVERHEAD);
memcpy(new, p, (n<n0 ? n : n0) - OVERHEAD);
free(CHUNK_TO_MEM(self));
return new;
}