Index: ossp-pkg/mm/ChangeLog
RCS File: /v/ossp/cvs/ossp-pkg/mm/ChangeLog,v
rcsdiff -q -kk '-r1.47' '-r1.48' -u '/v/ossp/cvs/ossp-pkg/mm/ChangeLog,v' 2>/dev/null
--- ChangeLog 2004/11/15 15:14:39 1.47
+++ ChangeLog 2004/11/15 16:48:06 1.48
@@ -11,6 +11,13 @@
 Changes between 1.3.1 and 1.3.2 (12-Sep-2003 to xx-Nov-2004)
+ *) Fix mm_realloc() function: If the memory chunk passed to mm_realloc()
+ can't be extended and a new chunk must be allocated, the old memory
+ is copied into the new chunk with a call to memcpy(3). However, the
+ used size is the length of the new data and will cause memcpy(3) to
+ access memory beyond the old data chunk's boundaries.
+ [Kirk Petersen ]
+
 *) Upgraded build environment to GNU Libtool 1.5.10
 [Ralf S. Engelschall]
Index: ossp-pkg/mm/mm_alloc.c
RCS File: /v/ossp/cvs/ossp-pkg/mm/mm_alloc.c,v
rcsdiff -q -kk '-r1.19' '-r1.20' -u '/v/ossp/cvs/ossp-pkg/mm/mm_alloc.c,v' 2>/dev/null
--- mm_alloc.c 2004/09/12 18:35:01 1.19
+++ mm_alloc.c 2004/11/15 16:48:06 1.20
@@ -350,7 +350,7 @@
 }
 if ((vp = mm_malloc(mm, usize)) == NULL)
 return NULL;
- memcpy(vp, ptr, usize);
+ memcpy(vp, ptr, mc->mc_usize);
 mm_free(mm, ptr);
 return vp;
 }
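Review bot: The new copy length in the mm_alloc.c hunk, `mc->mc_usize`, is only safe if the old chunk's used size can never exceed the `usize` just passed to `mm_malloc()`, and nothing visible in the hunk enforces that. The earlier branches of the function lie outside the hunk, so a shrinking request may already be handled before this point. If it is not, the read overrun fixed here becomes a write overrun of the new chunk. Bounding the copy by both sizes makes the invariant local: `memcpy(vp, ptr, mc->mc_usize < usize ? mc->mc_usize : usize);`. A short comment such as `/* copy only the bytes the old chunk actually holds */` would also record why the old size is used.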