Check-in Number: 4837
Date: 2004-Nov-15 17:48:06 (local), 2004-Nov-15 16:48:06 (UTC)
User: rse
Branch:
Comment:
Fix mm_realloc() function: If the memory chunk passed to mm_realloc()
can't be extended and a new chunk must be allocated, the old memory
is copied into the new chunk with a call to memcpy(3). However, the
used size is the length of the new data and will cause memcpy(3) to
access memory beyond the old data chunk's boundaries.
Submitted by: Kirk Petersen <kirk.petersen@watchguard.com>
Tickets: #52 (valgrind complains about mm_realloc)
Inspections:
Files:
ossp-pkg/mm/ChangeLog 1.47 -> 1.48
--- ChangeLog 2004/11/15 15:14:39 1.47
+++ ChangeLog 2004/11/15 16:48:06 1.48
@@ -11,6 +11,13 @@
Changes between 1.3.1 and 1.3.2 (12-Sep-2003 to xx-Nov-2004)
+ *) Fix mm_realloc() function: If the memory chunk passed to mm_realloc()
+ can't be extended and a new chunk must be allocated, the old memory
+ is copied into the new chunk with a call to memcpy(3). However, the
+ used size is the length of the new data and will cause memcpy(3) to
+ access memory beyond the old data chunk's boundaries.
+ [Kirk Petersen <kirk.petersen@watchguard.com>]
+
*) Upgraded build environment to GNU Libtool 1.5.10
[Ralf S. Engelschall]
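Review bot: the phrase "the used size is the length of the new data" in the added entry is easy to misread, because the fix itself switches to a field named mc_usize; consider wording it as "the size passed to memcpy(3) was the newly requested size instead of the old chunk's size". The entry also omits the ticket this check-in closes (#52, the valgrind report), which would help anyone tracing the over-read back from the ChangeLog.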
ossp-pkg/mm/mm_alloc.c 1.19 -> 1.20
--- mm_alloc.c 2004/09/12 18:35:01 1.19
+++ mm_alloc.c 2004/11/15 16:48:06 1.20
@@ -350,7 +350,7 @@
}
if ((vp = mm_malloc(mm, usize)) == NULL)
return NULL;
- memcpy(vp, ptr, usize);
+ memcpy(vp, ptr, mc->mc_usize);
mm_free(mm, ptr);
return vp;
}
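Review bot: the new copy length in memcpy(vp, ptr, mc->mc_usize) is only safe if mc->mc_usize can never exceed usize at this point, because vp was allocated with mm_malloc(mm, usize) and a larger old size would turn the fixed over-read into an overflow of the new chunk. The hunk does not show that guard; if the branch closed by the `}` in the first context line already returns when the request is not larger than the old chunk, a one-line comment saying so would make the invariant explicit, otherwise copy the smaller of mc->mc_usize and usize.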