3350. [bug] Memory read overrun in isc___mem_reallocate if

ISC_MEM_DEBUGCTX memory debugging flag is set. [RT #30240]
2012-07-18 09:54:25 +10:00
parent d92f5ce987
commit 6439173dae
2 changed files with 9 additions and 1 deletions
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -1405,7 +1405,11 @@ isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) {
 			oldsize = (((size_info *)ptr)[-1]).u.size;
 			INSIST(oldsize >= ALIGNMENT_SIZE);
 			oldsize -= ALIGNMENT_SIZE;
-			copysize = oldsize > size ? size : oldsize;
+			if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) {
+				INSIST(oldsize >= ALIGNMENT_SIZE);
+				oldsize -= ALIGNMENT_SIZE;
+			}
+			copysize = (oldsize > size) ? size : oldsize;
 			memcpy(new_ptr, ptr, copysize);
 			isc__mem_free(ctx, ptr FLARG_PASS);
 		}