From owner-cvs-src@FreeBSD.ORG Wed Dec 28 01:53:15 2005
Return-Path:
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A8EE16A41F;
	Wed, 28 Dec 2005 01:53:15 +0000 (GMT)
	(envelope-from pjd@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4242943D4C;
	Wed, 28 Dec 2005 01:53:15 +0000 (GMT)
	(envelope-from pjd@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id jBS1rEU8086941;
	Wed, 28 Dec 2005 01:53:14 GMT
	(envelope-from pjd@repoman.freebsd.org)
Received: (from pjd@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id jBS1rEd6086940;
	Wed, 28 Dec 2005 01:53:14 GMT
	(envelope-from pjd)
Message-Id: <200512280153.jBS1rEd6086940@repoman.freebsd.org>
From: Pawel Jakub Dawidek
Date: Wed, 28 Dec 2005 01:53:13 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc:
Subject: cvs commit: src/sys/kern kern_malloc.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 28 Dec 2005 01:53:15 -0000

pjd 2005-12-28 01:53:13 UTC

FreeBSD src repository

Modified files:
sys/kern kern_malloc.c

Log:
In realloc(9), determine size of the original block based on UMA_SLAB_MALLOC flag. In some circumstances (I observed it when I was doing a lot of reallocs) UMA_SLAB_MALLOC can be set even if us_keg != NULL. If this is the case we have wonderful, silent data corruption, because less data is copied to the newly allocated region than should be.

I'm not sure when this bug was introduced, it could be there undetected for years now, as we don't have a lot of realloc(9) consumers and it was hard to reproduce it...

...but what I know for sure, is that I don't want to know who introduced the bug:) It took me two/three days to track it down (of course most of the time I was looking for the bug in my own code).

Revision  Changes  Path
1.150     +1 -1    src/sys/kern/kern_malloc.c
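
The failure mode described in the log above, as an added user-space model that is not part of the commit or of kern_malloc.c. The struct layout, the field names uk_size, us_flags and us_size, the flag value and the buffer sizes are assumptions made for this sketch; only UMA_SLAB_MALLOC and us_keg come from the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UMA_SLAB_MALLOC 0x20    /* flag name from the log; value assumed */

struct keg  { size_t uk_size; };  /* assumed: per-zone item size */
struct slab {                     /* assumed, simplified slab header */
    struct keg *us_keg;
    unsigned    us_flags;
    size_t      us_size;          /* assumed: size of a large allocation */
};

/* Size selection keyed on us_keg != NULL, the condition the log says is unreliable. */
static size_t size_by_keg(const struct slab *s)
{
    return s->us_keg != NULL ? s->us_keg->uk_size : s->us_size;
}

/* Size selection keyed on the UMA_SLAB_MALLOC flag, as the log describes the fix. */
static size_t size_by_flag(const struct slab *s)
{
    return (s->us_flags & UMA_SLAB_MALLOC) ? s->us_size : s->us_keg->uk_size;
}

/* Model realloc's copy step; return how many of the 4096 original bytes survive. */
static size_t surviving_bytes(size_t (*pick)(const struct slab *))
{
    static unsigned char oldbuf[4096], newbuf[8192];
    struct keg  k = { 128 };      /* constructed: keg item size smaller than block */
    struct slab s = { &k, UMA_SLAB_MALLOC, sizeof(oldbuf) };  /* flag set AND keg set */
    size_t i, n, ok = 0;

    memset(oldbuf, 0xA5, sizeof(oldbuf));
    memset(newbuf, 0, sizeof(newbuf));
    n = pick(&s);                 /* "size of the original block" */
    if (n > sizeof(newbuf))
        n = sizeof(newbuf);       /* copy min(old size, new size) */
    memcpy(newbuf, oldbuf, n);
    for (i = 0; i < sizeof(oldbuf); i++)
        ok += (newbuf[i] == 0xA5);
    return ok;
}

int main(void)
{
    printf("keyed on us_keg: %zu bytes kept\n", surviving_bytes(size_by_keg));
    printf("keyed on flag:   %zu bytes kept\n", surviving_bytes(size_by_flag));
    return 0;
}
```

Nothing fails at the point of the short copy, which is why the corruption is silent: the caller gets a valid, larger buffer whose tail was never filled from the old block.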