
fix memset overflow in oldmalloc race fix overhaul

commit 3e16313f8fe2ed143ae0267fd79d63014c24779f introduced this bug by
making the copy case reachable with n (new size) smaller than n0
(original size). this was left as the only way of shrinking an
allocation because it reduces fragmentation if a free chunk of the
appropriate size is available. when that's not the case, another
approach may be better, but any such improvement would be independent
of fixing this bug.
Rich Felker, 4 years ago
Parent
Current commit
cb5babdc8d
1 file changed, 1 insertion and 1 deletion

+ 1 - 1
src/malloc/oldmalloc/malloc.c

@@ -409,7 +409,7 @@ copy_realloc:
 	new = malloc(n-OVERHEAD);
 	if (!new) return 0;
 copy_free_ret:
-	memcpy(new, p, n0-OVERHEAD);
+	memcpy(new, p, (n<n0 ? n : n0) - OVERHEAD);
 	free(CHUNK_TO_MEM(self));
 	return new;
 }
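Review bot: the commit title says "memset overflow" but the line being changed in this hunk is a memcpy, so the title should read "fix memcpy overflow" to match the code; the copy length change itself is right, since taking `(n<n0 ? n : n0) - OVERHEAD` bounds the copy by the smaller of the new and original chunk sizes and stops the shrinking case (n < n0) from reading n0-OVERHEAD bytes into a destination that `malloc(n-OVERHEAD)` only sized for n-OVERHEAD bytes. A short comment above the memcpy noting that `copy_free_ret` is now reachable with n smaller than n0 would help the next reader, as the commit message explains the reason but nothing in the code does.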