This is a note to let you know that I've just added the patch titled
tools/nolibc/stdlib: fix memory error in realloc()
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
tools-nolibc-stdlib-fix-memory-error-in-realloc.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 791f4641142e2aced85de082e5783b4fb0b977c2 Mon Sep 17 00:00:00 2001
From: Brennan Xavier McManus <bxmcmanus@xxxxxxxxx>
Date: Tue, 9 Jan 2024 18:44:02 -0500
Subject: tools/nolibc/stdlib: fix memory error in realloc()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Brennan Xavier McManus <bxmcmanus@xxxxxxxxx>
commit 791f4641142e2aced85de082e5783b4fb0b977c2 upstream.
Pass user_p_len to memcpy() instead of heap->len to prevent realloc()
from copying an extra sizeof(heap) bytes from beyond the allocated
region.
Signed-off-by: Brennan Xavier McManus <bxmcmanus@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Ammar Faizi <ammarfaizi2@xxxxxxxxxxx>
Fixes: 0e0ff638400be8f497a35b51a4751fd823f6bd6a ("tools/nolibc/stdlib: Implement `malloc()`, `calloc()`, `realloc()` and `free()`")
Signed-off-by: Willy Tarreau <w@xxxxxx>
Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
tools/include/nolibc/stdlib.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/include/nolibc/stdlib.h
+++ b/tools/include/nolibc/stdlib.h
@@ -166,7 +166,7 @@ void *realloc(void *old_ptr, size_t new_
if (__builtin_expect(!ret, 0))
return NULL;
- memcpy(ret, heap->user_p, heap->len);
+ memcpy(ret, heap->user_p, user_p_len);
munmap(heap, heap->len);
return ret;
}
Patches currently in stable-queue which might be from bxmcmanus@xxxxxxxxx are
queue-6.1/tools-nolibc-stdlib-fix-memory-error-in-realloc.patch
