From 5c39ebd104f314d69e34d2577e004fda5cd797c4 Mon Sep 17 00:00:00 2001
From: Juergen Perlinger <perlinger@ntp.org>
Date: Tue, 29 Jul 2014 20:35:32 +0200
Subject: [PATCH] [Bug 2628] 'mon_getmoremem()' relies on undefined behaviour

bk: 53d7e974DhdcT_XG61P9iwQSGNKVTg
---
 ChangeLog          |  1 +
 ntpd/ntp_monitor.c | 13 +++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 07c8248bc..46be5e43d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 2628] 'mon_getmoremem()' relies on undefined behaviour
 (4.2.7p453) 2014/07/19 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 2597] leap file loose ends (follow-up)
   - uniform expiration check messages for config and timer triggered
diff --git a/ntpd/ntp_monitor.c b/ntpd/ntp_monitor.c
index 5f674e1ac..1214e1d66 100644
--- a/ntpd/ntp_monitor.c
+++ b/ntpd/ntp_monitor.c
@@ -176,19 +176,20 @@ static void
 mon_getmoremem(void)
 {
 	mon_entry *chunk;
-	mon_entry *mon;
 	u_int entries;
 
 	entries = (0 == mon_mem_increments)
 		      ? mru_initalloc
 		      : mru_incalloc;
 
-	chunk = emalloc(entries * sizeof(*chunk));
-	for (mon = chunk + entries - 1; mon >= chunk; mon--)
-		mon_free_entry(mon);
+	if (entries) {
+		chunk = emalloc(entries * sizeof(*chunk));
+		mru_alloc += entries;
+		for (chunk += entries; entries; entries--)
+			mon_free_entry(--chunk);
 
-	mru_alloc += entries;
-	mon_mem_increments++;
+		mon_mem_increments++;
+	}
 }
 
 
-- 
2.47.3