From 58f5f42180d51e34050f09be39f3a1be1579e5bb Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Wed, 11 Apr 2007 22:52:20 +0000
Subject: POSIX says you can use realloc() to shrink buffers ... make sure we dont trigger a buffer overflow in that case
---
 libc/stdlib/malloc-simple/alloc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 (limited to 'libc/stdlib/malloc-simple')
diff --git a/libc/stdlib/malloc-simple/alloc.c b/libc/stdlib/malloc-simple/alloc.c
index 321f31932..6689ef409 100644
--- a/libc/stdlib/malloc-simple/alloc.c
+++ b/libc/stdlib/malloc-simple/alloc.c
@@ -91,7 +91,8 @@ void *realloc(void *ptr, size_t size)
 newptr = malloc(size);
 if (newptr) {
- memcpy(newptr, ptr, *((size_t *) (ptr - sizeof(size_t))));
+ size_t old_size = *((size_t *) (ptr - sizeof(size_t)));
+ memcpy(newptr, ptr, (old_size < size ? old_size : size));
 free(ptr);
 }
 return newptr;
-- 
cgit v1.2.3
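Review bot: The clamp on the new `memcpy` is only as tight as the word read from `ptr - sizeof(size_t)`, and the hunk does not show what malloc() stores there. If that word is the full allocation length including the size header rather than the caller's request (worth confirming in malloc() in the same file, which is outside this hunk), then on the grow path `old_size` overstates the old payload by `sizeof(size_t)` and the copy still reads past the end of the old block. In that case the line would need to be `size_t old_size = *((size_t *) (ptr - sizeof(size_t))) - sizeof(size_t);`. Either way, a short comment above it stating whether the header word holds the payload length or the total length would pin the invariant this bound depends on. realloc's body starts and ends outside the hunk.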