Changeset 784

Show
Ignore:
Timestamp:
06/23/08 04:05:08 (2 months ago)
Author:
dormando
Message:

Fix freesuffix corruption.

When attempting to grow the freesuffix storage, the realloc is sized
to the number of bytes in freesuffixtotal instead of a number of
pointers of that size.

That is, the original malloc is for

sizeof(char *) * freesuffixtotal

but the realloc for growth was

freesuffixtotal * 2

On a 32-bit machine, this would have the effect of freeing half of
the freelist when an attempt was made to grow it.

The realloc is now consistent with the initial malloc.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/server/memcached.c

    r783 r784  
    594594    } else { 
    595595        /* try to enlarge free connections array */ 
    596         char **new_freesuffix = realloc(freesuffix, freesuffixtotal * 2); 
     596        char **new_freesuffix = realloc(freesuffix, 
     597            sizeof(char *) * freesuffixtotal * 2); 
    597598        if (new_freesuffix) { 
    598599            freesuffixtotal *= 2;