From 710111cc7c58f9b51be949fb9a30487372af5dd9 Mon Sep 17 00:00:00 2001
From: Chris Fallin <cfallin@google.com>
Date: Thu, 14 May 2015 18:05:39 -0700
Subject: Bugfix: seeded_alloc() should not realloc() user-provided memory.

---
 upb/env.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'upb')

diff --git a/upb/env.c b/upb/env.c
index 7fa3334..0d14653 100644
--- a/upb/env.c
+++ b/upb/env.c
@@ -211,6 +211,8 @@ static size_t align_up(size_t size) {
 
 UPB_FORCEINLINE static void *seeded_alloc(void *ud, void *ptr, size_t oldsize,
                                           size_t size) {
+  UPB_UNUSED(ptr);
+
   upb_seededalloc *a = ud;
   size = align_up(size);
 
@@ -224,7 +226,14 @@ UPB_FORCEINLINE static void *seeded_alloc(void *ud, void *ptr, size_t oldsize,
   } else {
     // Slow path: fallback to other allocator.
     a->need_cleanup = true;
-    return a->alloc(a->alloc_ud, ptr, oldsize, size);
+    // Is `ptr` part of the user-provided initial block? Don't pass it to the
+    // default allocator if so; otherwise, it may try to realloc() the block.
+    char *chptr = ptr;
+    if (chptr >= a->mem_base && chptr < a->mem_limit) {
+      return a->alloc(a->alloc_ud, NULL, 0, size);
+    } else {
+      return a->alloc(a->alloc_ud, ptr, oldsize, size);
+    }
   }
 }
 
-- 
cgit v1.2.3