[1/2] malloc: fix realloc wrong copy size
Checks
Commit Message
In rte_realloc, if the old element has pad and need to allocate a new
memory, the padding size was not deducted, so more data was copied to
new data area.
Fixes: af75078fece3 ("first public release")
Cc: stable@dpdk.org
Signed-off-by: Xueming Li <xuemingl@mellanox.com>
---
lib/librte_eal/common/rte_malloc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
On 12-Nov-19 2:50 PM, Xueming Li wrote:
> In rte_realloc, if the old element has pad and need to allocate a new
> memory, the padding size was not deducted, so more data was copied to
> new data area.
>
> Fixes: af75078fece3 ("first public release")
> Cc: stable@dpdk.org
>
> Signed-off-by: Xueming Li <xuemingl@mellanox.com>
> ---
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
@@ -150,7 +150,8 @@ rte_realloc_socket(void *ptr, size_t size, unsigned int align, int socket)
void *new_ptr = rte_malloc_socket(NULL, size, align, socket);
if (new_ptr == NULL)
return NULL;
- const unsigned old_size = elem->size - MALLOC_ELEM_OVERHEAD;
+ /* elem: |pad|data_elem|data|trailer| */
+ const size_t old_size = elem->size - elem->pad - MALLOC_ELEM_OVERHEAD;
rte_memcpy(new_ptr, ptr, old_size < size ? old_size : size);
rte_free(ptr);