diff options
author | mdf <mdf@FreeBSD.org> | 2010-08-31 16:57:58 +0000 |
---|---|---|
committer | mdf <mdf@FreeBSD.org> | 2010-08-31 16:57:58 +0000 |
commit | 42170bf6d6b1aa24e8b524672f3bbaf280e7e7c9 (patch) | |
tree | 52db48d2d45957d087b493ecb0f31698ab2834fd /sys/kern | |
parent | 655a96888d55c63b6496de2c02332278739d62f6 (diff) | |
download | FreeBSD-src-42170bf6d6b1aa24e8b524672f3bbaf280e7e7c9.zip FreeBSD-src-42170bf6d6b1aa24e8b524672f3bbaf280e7e7c9.tar.gz |
The realloc case for memguard(9) will copy too many bytes when
reallocating to a smaller-sized allocation. Fix this issue.
Noticed by: alc
Reviewed by: alc
Approved by: zml (mentor)
MFC after: 3 weeks
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_malloc.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c index 00df9dd..1e97b55 100644 --- a/sys/kern/kern_malloc.c +++ b/sys/kern/kern_malloc.c @@ -566,11 +566,8 @@ realloc(void *addr, unsigned long size, struct malloc_type *mtp, int flags) */ #ifdef DEBUG_MEMGUARD - if (is_memguard_addr(addr)) { - slab = NULL; - alloc = size; - goto remalloc; - } + if (is_memguard_addr(addr)) + return (memguard_realloc(addr, size, mtp, flags)); #endif #ifdef DEBUG_REDZONE @@ -595,10 +592,6 @@ realloc(void *addr, unsigned long size, struct malloc_type *mtp, int flags) return (addr); #endif /* !DEBUG_REDZONE */ -#ifdef DEBUG_MEMGUARD -remalloc: -#endif - /* Allocate a new, bigger (or smaller) block */ if ((newaddr = malloc(size, mtp, flags)) == NULL) return (NULL); |