From 1e8a8875d69e36d2890b223ffe8853a8ff0c9512 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 8 Jun 2016 20:50:21 +0200 Subject: [PATCH] malloc: Correct size computation in realloc for dumped fake mmapped chunks For regular mmapped chunks there are two size fields (hence a reduction by 2 * SIZE_SZ bytes), but for fake chunks, we only have one size field, so we need to subtract SIZE_SZ bytes. This was initially reported as Emacs bug 23726. --- ChangeLog | 7 +++++++ malloc/malloc.c | 12 ++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 20b3dc0194..6ceb2dfeec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2016-06-08 Florian Weimer + + Emacs bug 23726. + * malloc/malloc.c (dumped_main_arena_start): Update comment. + (__libc_realloc): Correct size computation for dumped fake mmapped + chunks. + 2016-06-07 Joseph Myers [BZ #20219] diff --git a/malloc/malloc.c b/malloc/malloc.c index ead9a21d81..6f77d372a8 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1748,7 +1748,9 @@ static struct malloc_state main_arena = /* These variables are used for undumping support. Chunked are marked as using mmap, but we leave them alone if they fall into this - range. */ + range. NB: The chunk size for these chunks only includes the + initial size field (of SIZE_SZ bytes), there is no trailing size + field (unlike with regular mmapped chunks). */ static mchunkptr dumped_main_arena_start; /* Inclusive. */ static mchunkptr dumped_main_arena_end; /* Exclusive. */ @@ -3029,9 +3031,11 @@ __libc_realloc (void *oldmem, size_t bytes) if (newmem == 0) return NULL; /* Copy as many bytes as are available from the old chunk - and fit into the new size. */ - if (bytes > oldsize - 2 * SIZE_SZ) - bytes = oldsize - 2 * SIZE_SZ; + and fit into the new size. NB: The overhead for faked + mmapped chunks is only SIZE_SZ, not 2 * SIZE_SZ as for + regular mmapped chunks. */ + if (bytes > oldsize - SIZE_SZ) + bytes = oldsize - SIZE_SZ; memcpy (newmem, oldmem, bytes); return newmem; }