SLOB: fix bogus ksize calculation
SLOB's ksize calculation was braindamaged and generally harmlessly underreported the allocation size. But for very small buffers, it could in fact overreport them, leading code depending on krealloc to overrun the allocation and trample other data. Signed-off-by: Matt Mackall <mpm@selenic.com> Tested-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
e09e6e2b6a
commit
85ba94ba05
@ -515,7 +515,7 @@ size_t ksize(const void *block)
|
|||||||
|
|
||||||
sp = (struct slob_page *)virt_to_page(block);
|
sp = (struct slob_page *)virt_to_page(block);
|
||||||
if (slob_page(sp))
|
if (slob_page(sp))
|
||||||
return ((slob_t *)block - 1)->units + SLOB_UNIT;
|
return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT;
|
||||||
else
|
else
|
||||||
return sp->page.private;
|
return sp->page.private;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user