| CODENOTIFIER | HelpYou are not signed inSign in |
Project: Memcached
Revision: 784
Author: dormando
Date: 23 Jun 2008 00:05:08
Changes:Fix freesuffix corruption.
When attempting to grow the freesuffix storage, the realloc is sized
to the number of bytes in freesuffixtotal instead of a number of
pointers of that size.
That is, the original malloc is for
sizeof(char *) * freesuffixtotal
but the realloc for growth was
freesuffixtotal * 2
On a 32-bit machine, this would have the effect of freeing half of
the freelist when an attempt was made to grow it.
The realloc is now consistent with the initial malloc.
Files:| ...... | @@ -593,7 +593,8 @@ | |
| 593 | 593 | return false; |
| 594 | 594 | } else { |
| 595 | 595 | /* try to enlarge free connections array */ |
| 596 | char **new_freesuffix = realloc(freesuffix, freesuffixtotal * 2); | |
| 596 | char **new_freesuffix = realloc(freesuffix, | |
| 597 | sizeof(char *) * freesuffixtotal * 2); | |
| 597 | 598 | if (new_freesuffix) { |
| 598 | 599 | freesuffixtotal *= 2; |
| 599 | 600 | freesuffix = new_freesuffix; |