From 8efabcc8a5dcd83deed8ef8e17826a1d347e6d83 Mon Sep 17 00:00:00 2001
From: Kamen Mazdrashki <kamen.mazdrashki@postpath.com>
Date: Sat, 5 Dec 2009 21:44:15 +0200
Subject: talloc: Fix write behind memory block

If ALWASY_REALLOC is defined and we are to 'shrink' memory block,
memcpy() will write outside memory just allocated.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 lib/talloc/talloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 7beda4b0f5..f7b1ac3dbd 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1184,7 +1184,7 @@ void *_talloc_realloc(const void *context, void *ptr, size_t size, const char *n
 #if ALWAYS_REALLOC
 	new_ptr = malloc(size + TC_HDR_SIZE);
 	if (new_ptr) {
-		memcpy(new_ptr, tc, tc->size + TC_HDR_SIZE);
+		memcpy(new_ptr, tc, MIN(tc->size, size) + TC_HDR_SIZE);
 		free(tc);
 	}
 #else
-- 
cgit