From 6b98c595aec0ab438e0e3c6faf220260f710f126 Mon Sep 17 00:00:00 2001
From: Aki Tuomi
Date: Mon, 27 Nov 2017 12:32:54 +0200
Subject: [PATCH] lib: mempool-allocfree - include overhead in size check
Found by valgrind
---
 src/lib/mempool-allocfree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/mempool-allocfree.c b/src/lib/mempool-allocfree.c
index 15908dcdd9..e80b8af05b 100644
--- a/src/lib/mempool-allocfree.c
+++ b/src/lib/mempool-allocfree.c
@@ -171,7 +171,7 @@ static void *pool_allocfree_malloc(pool_t pool, size_t size)
 struct allocfree_pool *apool = container_of(pool, struct allocfree_pool, pool);
- if (unlikely(size == 0 || size > SSIZE_T_MAX))
+ if (unlikely(size == 0 || size > SSIZE_T_MAX - SIZEOF_POOLBLOCK))
 i_panic("Trying to allocate %"PRIuSIZE_T" bytes", size);
 struct pool_block *block = calloc(1, SIZEOF_POOLBLOCK + size);
@@ -201,7 +201,7 @@ static void *pool_allocfree_realloc(pool_t pool, void *mem,
 container_of(pool, struct allocfree_pool, pool);
 unsigned char *new_mem;
- if (unlikely(new_size == 0 || new_size > SSIZE_T_MAX))
+ if (unlikely(new_size == 0 || new_size > SSIZE_T_MAX - SIZEOF_POOLBLOCK))
 i_panic("Trying to allocate %"PRIuSIZE_T" bytes", new_size);
 if (mem == NULL)
--
2.47.3
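Review bot: The bound `SSIZE_T_MAX - SIZEOF_POOLBLOCK` is written out twice, in the pool_allocfree_malloc check and again in the pool_allocfree_realloc hunk, and nothing in the code says why the header size is subtracted. A one-line comment above each check would record the reason, e.g. `/* the block header is allocated together with the payload, so the total request must stay within SSIZE_T_MAX */`. A single named limit shared by both functions would also keep the two guards from drifting apart if the block header changes. The panic text still prints only the caller's `size`, so a request rejected just below SSIZE_T_MAX will look like a valid size in the log. Both function bodies continue outside their hunks, so whether the `calloc()` result is checked, and whether the realloc path adds the same overhead, cannot be confirmed from here.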