aboutsummaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorMatt Mackall <mpm@selenic.com>2008-10-07 12:37:35 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-10-07 14:19:23 -0400
commit85ba94ba0592296053f7f2846812173424afe1cb (patch)
tree08b988ee8ebae30f31830801a44a62e0eec4856e /mm
parente09e6e2b6a5daf653794926ab50a784b14b6de53 (diff)
SLOB: fix bogus ksize calculation
SLOB's ksize calculation was braindamaged and generally harmlessly underreported the allocation size. But for very small buffers, it could in fact overreport them, leading code depending on krealloc to overrun the allocation and trample other data. Signed-off-by: Matt Mackall <mpm@selenic.com> Tested-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
-rw-r--r--mm/slob.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/slob.c b/mm/slob.c
index 4c82dd41f32e..62b679dc660f 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -515,7 +515,7 @@ size_t ksize(const void *block)
515 515
516 sp = (struct slob_page *)virt_to_page(block); 516 sp = (struct slob_page *)virt_to_page(block);
517 if (slob_page(sp)) 517 if (slob_page(sp))
518 return ((slob_t *)block - 1)->units + SLOB_UNIT; 518 return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT;
519 else 519 else
520 return sp->page.private; 520 return sp->page.private;
521} 521}