From 1e8a8875d69e36d2890b223ffe8853a8ff0c9512 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 8 Jun 2016 20:50:21 +0200 Subject: malloc: Correct size computation in realloc for dumped fake mmapped chunks For regular mmapped chunks there are two size fields (hence a reduction by 2 * SIZE_SZ bytes), but for fake chunks, we only have one size field, so we need to subtract SIZE_SZ bytes. This was initially reported as Emacs bug 23726. --- malloc/malloc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'malloc') diff --git a/malloc/malloc.c b/malloc/malloc.c index ead9a21..6f77d37 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1748,7 +1748,9 @@ static struct malloc_state main_arena = /* These variables are used for undumping support. Chunked are marked as using mmap, but we leave them alone if they fall into this - range. */ + range. NB: The chunk size for these chunks only includes the + initial size field (of SIZE_SZ bytes), there is no trailing size + field (unlike with regular mmapped chunks). */ static mchunkptr dumped_main_arena_start; /* Inclusive. */ static mchunkptr dumped_main_arena_end; /* Exclusive. */ @@ -3029,9 +3031,11 @@ __libc_realloc (void *oldmem, size_t bytes) if (newmem == 0) return NULL; /* Copy as many bytes as are available from the old chunk - and fit into the new size. */ - if (bytes > oldsize - 2 * SIZE_SZ) - bytes = oldsize - 2 * SIZE_SZ; + and fit into the new size. NB: The overhead for faked + mmapped chunks is only SIZE_SZ, not 2 * SIZE_SZ as for + regular mmapped chunks. */ + if (bytes > oldsize - SIZE_SZ) + bytes = oldsize - SIZE_SZ; memcpy (newmem, oldmem, bytes); return newmem; } -- cgit v1.1