From: Willy Tarreau <w@1wt.eu>
Date: Fri, 7 May 2021 06:01:35 +0000 (+0200)
Subject: BUG/MINOR: activity: use the new pointer to calculate the new size in realloc()
X-Git-Tag: v2.4-dev19~106
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2639e2edc2cdc0546a83291e553c7423517f0a67;p=thirdparty%2Fhaproxy.git

BUG/MINOR: activity: use the new pointer to calculate the new size in realloc()

When memory profiling is enabled, realloc() can occasionally get the area
size wrong due to the wrong pointer being used to check the new size. When
the old area gets unmapped in the operation, this may even result in a
crash. There's no impact without memory profiling though.

No backport is needed as this is exclusively 2.4-dev.
---

diff --git a/src/activity.c b/src/activity.c
index df8b9bdda0..d058cfd74f 100644
--- a/src/activity.c
+++ b/src/activity.c
@@ -276,7 +276,7 @@ void *realloc(void *ptr, size_t size)
 
 	size_before = malloc_usable_size(ptr);
 	ret = memprof_realloc_handler(ptr, size);
-	size = malloc_usable_size(ptr);
+	size = malloc_usable_size(ret);
 
 	bin = memprof_get_bin(__builtin_return_address(0));
 	if (size > size_before) {