diff options
author | Matt Mackall <mpm@selenic.com> | 2008-10-07 11:37:35 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-07 11:19:23 -0700 |
commit | 85ba94ba0592296053f7f2846812173424afe1cb (patch) | |
tree | 08b988ee8ebae30f31830801a44a62e0eec4856e | |
parent | e09e6e2b6a5daf653794926ab50a784b14b6de53 (diff) | |
download | linux-3.10-85ba94ba0592296053f7f2846812173424afe1cb.tar.gz linux-3.10-85ba94ba0592296053f7f2846812173424afe1cb.tar.bz2 linux-3.10-85ba94ba0592296053f7f2846812173424afe1cb.zip |
SLOB: fix bogus ksize calculation
SLOB's ksize calculation was braindamaged and generally harmlessly
underreported the allocation size. But for very small buffers, it could
in fact overreport them, leading code depending on krealloc to overrun
the allocation and trample other data.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Tested-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | mm/slob.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/slob.c b/mm/slob.c index 4c82dd41f32..62b679dc660 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -515,7 +515,7 @@ size_t ksize(const void *block) sp = (struct slob_page *)virt_to_page(block); if (slob_page(sp)) - return ((slob_t *)block - 1)->units + SLOB_UNIT; + return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT; else return sp->page.private; } |