From: Willy Tarreau <w@1wt.eu>
Date: Fri, 7 May 2021 06:01:35 +0000 (+0200)
Subject: BUG/MINOR: activity: use the new pointer to calculate the new size in realloc()
X-Git-Tag: v2.4-dev19~106
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=2639e2edc2cdc0546a83291e553c7423517f0a67;p=haproxy-2.5.git

BUG/MINOR: activity: use the new pointer to calculate the new size in realloc()

When memory profiling is enabled, realloc() can occasionally get the area
size wrong due to the wrong pointer being used to check the new size. When
the old area gets unmapped in the operation, this may even result in a
crash. There's no impact without memory profiling though.

No backport is needed as this is exclusively 2.4-dev.
---

diff --git a/src/activity.c b/src/activity.c
index df8b9bd..d058cfd 100644
--- a/src/activity.c
+++ b/src/activity.c
@@ -276,7 +276,7 @@ void *realloc(void *ptr, size_t size)
 
 	size_before = malloc_usable_size(ptr);
 	ret = memprof_realloc_handler(ptr, size);
-	size = malloc_usable_size(ptr);
+	size = malloc_usable_size(ret);
 
 	bin = memprof_get_bin(__builtin_return_address(0));
 	if (size > size_before) {