6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brennan Xavier McManus <bxmcmanus@xxxxxxxxx>
commit 791f4641142e2aced85de082e5783b4fb0b977c2 upstream.
Pass user_p_len to memcpy() instead of heap->len to prevent realloc()
from copying an extra sizeof(heap) bytes from beyond the allocated
region.
Signed-off-by: Brennan Xavier McManus <bxmcmanus@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Ammar Faizi <ammarfaizi2@xxxxxxxxxxx>
Fixes: 0e0ff638400be8f497a35b51a4751fd823f6bd6a ("tools/nolibc/stdlib: Implement `malloc()`, `calloc()`, `realloc()` and `free()`")
Signed-off-by: Willy Tarreau <w@xxxxxx>
Signed-off-by: Thomas Weißschuh <linux@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
tools/include/nolibc/stdlib.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/include/nolibc/stdlib.h
+++ b/tools/include/nolibc/stdlib.h
@@ -166,7 +166,7 @@ void *realloc(void *old_ptr, size_t new_
if (__builtin_expect(!ret, 0))
return NULL;
- memcpy(ret, heap->user_p, heap->len);
+ memcpy(ret, heap->user_p, user_p_len);
munmap(heap, heap->len);
return ret;
}
