git.samba.org / abartlet / samba.git / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 105eb95)
talloc: Fix write behind memory block
authorKamen Mazdrashki <kamen.mazdrashki@postpath.com>
Sat, 5 Dec 2009 19:44:15 +0000 (21:44 +0200)
committerAndrew Tridgell <tridge@samba.org>
Tue, 8 Dec 2009 01:39:10 +0000 (12:39 +1100)
If ALWASY_REALLOC is defined and we are to 'shrink' memory block,
memcpy() will write outside memory just allocated.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
lib/talloc/talloc.c patch | blob | history

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 7beda4b0f587b69c0f549eb76d2935f1d4413d55..f7b1ac3dbd782d58ac86baff174e19b30eef912d 100644 (file)
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1184,7 +1184,7 @@ void *_talloc_realloc(const void *context, void *ptr, size_t size, const char *n
 #if ALWAYS_REALLOC
        new_ptr = malloc(size + TC_HDR_SIZE);
        if (new_ptr) {
-               memcpy(new_ptr, tc, tc->size + TC_HDR_SIZE);
+               memcpy(new_ptr, tc, MIN(tc->size, size) + TC_HDR_SIZE);
                free(tc);
        }
 #else
Unnamed repository; edit this file to name it for gitweb.