When allocating the slab, the code accidentally computed the array size from s->slab (an elemtype**). The slab is an array of elemtype*, however, so we should take the size of *s->slab. Noticed-by: Nguyễn Thái Ngọc Duy <pclouds@xxxxxxxxx> Signed-off-by: Thomas Rast <tr@xxxxxxxxxxxxx> --- [I hope this comes through clean. git-send-email is currently broken for me, and I'm still investigating, so I have to kludge around it.] I browsed around for a while, and couldn't find out whether any architecture actually has any hope of running git (i.e. is at least mostly POSIX conformant) but still violates the assumption that all pointers[*] are the same size. The comp.lang.c FAQ has some interesting examples of wildly different pointer representations at: http://c-faq.com/null/machexamp.html Consider the cases mentioned there where void* and char* have different representations from, e.g., int*. Then if elemtype is char, the slab will be too small before this patch. But I have no idea if any of those are POSIXish. One interesting, though orthogonal, tidbit is that POSIX actually requires _function_ pointers to have the same representation as void*. >From the specification of dlsym(), which depends on this to be able to return function pointers: RATIONALE [...] Indeed, the ISO C standard does not require that an object of type void * can hold a pointer to a function. Implementations supporting the XSI extension, however, do require that an object of type void * can hold a pointer to a function. Thank god for POSIX. So much craziness averted. [*] Note that C++ method pointers are yet another story. This only applies to the kinds of pointers that C supports. commit-slab.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commit-slab.h b/commit-slab.h index d068e2d..cc114b5 100644 --- a/commit-slab.h +++ b/commit-slab.h @@ -91,7 +91,7 @@ struct slabname { \ if (s->slab_count <= nth_slab) { \ int i; \ s->slab = xrealloc(s->slab, \ - (nth_slab + 1) * sizeof(s->slab)); \ + (nth_slab + 1) * sizeof(*s->slab)); \ stat_ ##slabname## realloc++; \ for (i = s->slab_count; i <= nth_slab; i++) \ s->slab[i] = NULL; \ -- 1.8.5.427.g6d3141d -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html