malloc: Fix a potential realloc issue with memory tagging
At an _int_free call site in realloc the wrong size was used for tag clearing: the chunk header of the next chunk was also cleared, which may work in practice but is logically wrong. The tag clearing is moved before the memcpy to save a tag computation; this avoids a chunk2mem. Another chunk2mem is removed because newmem does not have to be recomputed. Whitespace was fixed too.

Reviewed-by: DJ Delorie <dj@redhat.com>
parent
42cc96066b
commit
8ae909a533
@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
|
||||
}
|
||||
else
|
||||
{
|
||||
void *oldmem = chunk2mem (oldp);
|
||||
void *oldmem = chunk2rawmem (oldp);
|
||||
size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
|
||||
(void) TAG_REGION (oldmem, sz);
|
||||
newmem = TAG_NEW_USABLE (newmem);
|
||||
memcpy (newmem, oldmem,
|
||||
CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
|
||||
(void) TAG_REGION (chunk2rawmem (oldp), oldsize);
|
||||
_int_free (av, oldp, 1);
|
||||
check_inuse_chunk (av, newp);
|
||||
return chunk2mem (newp);
|
||||
memcpy (newmem, oldmem, sz);
|
||||
_int_free (av, oldp, 1);
|
||||
check_inuse_chunk (av, newp);
|
||||
return newmem;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
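Review bot: The new else branch depends on an ordering that the code does not state: `(void) TAG_REGION (oldmem, sz);` now runs before `memcpy (newmem, oldmem, sz);`, so the copy reads a region whose tags have already been cleared, and it presumably stays valid only because `oldmem` comes from `chunk2rawmem (oldp)` rather than `chunk2mem (oldp)`. A later edit that restores the tagged pointer or reorders the two calls would not look wrong in review, so I would add a comment above the retag, for example `/* Clear the old block's tags first; oldmem is the untagged pointer, so the copy below still matches. */`. `return newmem;` also relies on `newmem` still being the user pointer for `newp` after `TAG_NEW_USABLE`; the assignment of `newmem` is outside this hunk, so that should be confirmed against the full function. The body of _int_realloc starts and ends outside the hunk.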