Date:      Wed, 28 Dec 2005 01:53:13 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern kern_malloc.c
Message-ID:  <200512280153.jBS1rEd6086940@repoman.freebsd.org>

pjd         2005-12-28 01:53:13 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_malloc.c 
  Log:
  In realloc(9), determine size of the original block based on
  UMA_SLAB_MALLOC flag.
  In some circumstances (I observed it when I was doing a lot of reallocs)
  UMA_SLAB_MALLOC can be set even if us_keg != NULL.
  
  If this is the case we have wonderful, silent data corruption, because less
  data is copied to the newly allocated region than should be.
  
  I'm not sure when this bug was introduced, it could be there undetected
  for years now, as we don't have a lot of realloc(9) consumers and it was
  hard to reproduce it...
  ...but what I know for sure, is that I don't want to know who introduced
  the bug:) It took me two/three days to track it down (of course most of
  the time I was looking for the bug in my own code).
  
  Revision  Changes    Path
  1.150     +1 -1      src/sys/kern/kern_malloc.c
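
The failure mode described in the log, as an added user-space example (not the FreeBSD source and not code from this commit): a realloc-style grow copies only as many bytes as it believes the old block held, so a wrong size test truncates data silently. Only `us_keg` and `UMA_SLAB_MALLOC` are names from the log; the other struct fields, the flag value, the sizes, and the assumption that the keg's item size is the smaller of the two are illustrative.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model, not FreeBSD source. Only us_keg and UMA_SLAB_MALLOC are
 * names from the log; other fields, the flag value and sizes are assumed. */
#define UMA_SLAB_MALLOC 0x01
struct keg  { size_t item_size; };      /* hypothetical per-item size */
struct slab { struct keg *us_keg; unsigned us_flags; size_t slab_size; };

/* Size test the log describes as wrong: trust us_keg != NULL. */
static size_t old_size_by_keg(const struct slab *s)
{
    return s->us_keg != NULL ? s->us_keg->item_size : s->slab_size;
}

/* Size test the log describes as the fix: decide on UMA_SLAB_MALLOC. */
static size_t old_size_by_flag(const struct slab *s)
{
    return (s->us_flags & UMA_SLAB_MALLOC) ? s->slab_size
                                           : s->us_keg->item_size;
}

/* Grow path of a realloc: allocate, then copy min(old size, new size). */
static void *model_realloc(const void *old, const struct slab *s,
    size_t newsize, size_t (*oldsize)(const struct slab *))
{
    size_t n = oldsize(s);
    void *p = calloc(1, newsize);
    if (p != NULL)
        memcpy(p, old, n < newsize ? n : newsize);
    return p;
}

/* Bytes of a 4096-byte block that survive a grow to 8192 bytes when the
 * slab has the flag set AND a non-NULL keg (the case from the log). */
static size_t surviving_bytes(size_t (*oldsize)(const struct slab *))
{
    static unsigned char block[4096];
    struct keg k = { 64 };
    struct slab s = { &k, UMA_SLAB_MALLOC, sizeof(block) };
    size_t i = 0;
    memset(block, 0xAA, sizeof(block));
    unsigned char *p = model_realloc(block, &s, 8192, oldsize);
    while (p != NULL && i < sizeof(block) && p[i] == 0xAA) i++;
    free(p);
    return i;
}

int main(void)
{
    printf("keg test:  %zu bytes kept\n", surviving_bytes(old_size_by_keg));
    printf("flag test: %zu bytes kept\n", surviving_bytes(old_size_by_flag));
    return 0;
}
```

Nothing fails or faults in the truncating case, which is why a canary pattern compared after the grow, as `surviving_bytes` does, is the practical way to catch this class of bug.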


