SLOB: fix bogus ksize calculation
author Matt Mackall <mpm@selenic.com>
Tue, 7 Oct 2008 16:37:35 +0000 (11:37 -0500)
committer Linus Torvalds <torvalds@linux-foundation.org>
Tue, 7 Oct 2008 18:19:23 +0000 (11:19 -0700)
SLOB's ksize calculation was braindamaged and generally harmlessly
underreported the allocation size. But for very small buffers, it could
in fact overreport them, leading code depending on krealloc to overrun
the allocation and trample other data.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Tested-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/slob.c

index 4c82dd41f32eae2ff2274f3d2b1d78e8e45fbb43..62b679dc660fb9244a745142c79186000793343f 100644 (file)
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -515,7 +515,7 @@ size_t ksize(const void *block)
 
        sp = (struct slob_page *)virt_to_page(block);
        if (slob_page(sp))
-               return ((slob_t *)block - 1)->units + SLOB_UNIT;
+               return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT;
        else
                return sp->page.private;
 }
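
Review bot: The new return expression, `(((slob_t *)block - 1)->units - 1) * SLOB_UNIT`, relies on two things the hunk does not show or document: that the word immediately before `block` is a `slob_t` header, and that its `units` field counts the allocation in SLOB_UNITs with exactly one unit taken up by that header. Please add a comment on this line stating what the `- 1` subtracts and why the result is multiplied rather than added, and confirm against the allocation path that this is what is actually stored at that offset, including when the returned pointer is aligned past the header. Also consider the case where `units` reads as 0: the subtraction then goes negative and, since `ksize()` returns `size_t`, the caller sees a very large size, which is the same overreport-then-overrun failure through krealloc that the commit message describes. A guard or a documented invariant that `units >= 1` on this branch would close that off.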