From ebbbfc8bd23e99e1343d37d9b308b5f7e18a5e20 Mon Sep 17 00:00:00 2001 From: Gunnar Ritter Date: Thu, 17 Feb 2005 20:38:02 +0000 Subject: [PATCH] * Fixed an error in the realloc() function in mapmalloc.c that sometimes caused memory to be overwritten because memcpy(new, old, size) was called with the size of 'new' if 'new' was larger than 'old'. --- Changes | 3 +++ mapmalloc.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Changes b/Changes index cbbdb9a..a9a33c9 100644 --- a/Changes +++ b/Changes @@ -40,6 +40,9 @@ Release ... * Ex does not exit on errors immediately anymore if standard input is not a terminal but a pipe or regular file. * The 'substitute' ex command can now be abbreviated as 'sub', 'subst' etc. +* Fixed an error in the realloc() function in mapmalloc.c that sometimes + caused memory to be overwritten because memcpy(new, old, size) was called + with the size of 'new' if 'new' was larger than 'old'. Release 1/19/05 * The last release erroneously made 'X' work like 'x' in visual mode. It now diff --git a/mapmalloc.c b/mapmalloc.c index 8c8f117..90f8c30 100644 --- a/mapmalloc.c +++ b/mapmalloc.c @@ -5,7 +5,7 @@ * September 2001. */ -/* Sccsid @(#)mapmalloc.c 1.14 (gritter) 11/26/04 */ +/* Sccsid @(#)mapmalloc.c 1.15 (gritter) 2/17/05 */ /* ==================================================================== * Copyright (c) 1999-2000 Ralf S. Engelschall. All rights reserved. @@ -508,7 +508,7 @@ realloc(char *ptr, size_t usize) } if ((vp = malloc(usize)) == NULL) return NULL; - memcpy(vp, ptr, usize); + memcpy(vp, ptr, mc->mc_usize); free(ptr); return vp; }