malloc: fix an over-allocation bug

Fix an instance where realloc code would overallocate by OVERHEAD bytes amount. Manually arrange for reuse of memcpy-free-return exit sequence.
author: Alexander Monakov <amonakov@ispras.ru> 2018-04-16 20:54:35 +0300
committer: Rich Felker <dalias@aerifal.cx> 2018-04-17 19:23:00 -0400
commit: d889cc3463edc92869676c1eec34a8f52d942adb (patch)
tree: fcb4a80211cfb62c732a3957d2d19b205e804a2e /src/malloc
parent: b9410061e2ad6fe91bb3910c3adc7d4a315b7ce9 (diff)
download: musl-d889cc3463edc92869676c1eec34a8f52d942adb.tar.gz
musl-d889cc3463edc92869676c1eec34a8f52d942adb.tar.xz
musl-d889cc3463edc92869676c1eec34a8f52d942adb.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 0a7d5d85..db19bc34 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -414,10 +414,9 @@ void *realloc(void *p, size_t n)
 		size_t newlen = n + extra;
 		/* Crash on realloc of freed chunk */
 		if (extra & 1) a_crash();
-		if (newlen < PAGE_SIZE && (new = malloc(n))) {
-			memcpy(new, p, n-OVERHEAD);
-			free(p);
-			return new;
+		if (newlen < PAGE_SIZE && (new = malloc(n-OVERHEAD))) {
+			n0 = n;
+			goto copy_free_ret;
 		}
 		newlen = (newlen + PAGE_SIZE-1) & -PAGE_SIZE;
 		if (oldlen == newlen) return p;
@@ -460,6 +459,7 @@ copy_realloc:
 	/* As a last resort, allocate a new chunk and copy to it. */
 	new = malloc(n-OVERHEAD);
 	if (!new) return 0;
+copy_free_ret:
 	memcpy(new, p, n0-OVERHEAD);
 	free(CHUNK_TO_MEM(self));
 	return new;
author	Alexander Monakov <amonakov@ispras.ru>	2018-04-16 20:54:35 +0300
committer	Rich Felker <dalias@aerifal.cx>	2018-04-17 19:23:00 -0400
commit	d889cc3463edc92869676c1eec34a8f52d942adb (patch)
tree	fcb4a80211cfb62c732a3957d2d19b205e804a2e /src/malloc
parent	b9410061e2ad6fe91bb3910c3adc7d4a315b7ce9 (diff)
download	musl-d889cc3463edc92869676c1eec34a8f52d942adb.tar.gz musl-d889cc3463edc92869676c1eec34a8f52d942adb.tar.xz musl-d889cc3463edc92869676c1eec34a8f52d942adb.zip