From 06f034af5709d003d270b191a6988de2de2e50ab Mon Sep 17 00:00:00 2001 From: avg Date: Tue, 3 Dec 2019 09:48:43 +0000 Subject: [PATCH] devstat_selectdevs: resize dev_select only after copying data out of it The resizing could be a downsizing so some data would be lost and we could attempt to read past the end of the new memory allocation. MFC after: 2 weeks Sponsored by: Panzura --- lib/libdevstat/devstat.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/libdevstat/devstat.c b/lib/libdevstat/devstat.c index 2da7eafa4fd..047a2a79204 100644 --- a/lib/libdevstat/devstat.c +++ b/lib/libdevstat/devstat.c @@ -584,10 +584,10 @@ devstat_selectdevs(struct device_selection **dev_select, int *num_selected, * In this case, we have selected devices before, but the device * list has changed since we last selected devices, so we need to * either enlarge or reduce the size of the device selection list. + * But delay the resizing until after copying the data to old_dev_select + * as to not lose any data in the case of reducing the size. */ } else if (*num_selections != numdevs) { - *dev_select = (struct device_selection *)reallocf(*dev_select, - numdevs * sizeof(struct device_selection)); *select_generation = current_generation; init_selections = 1; /* @@ -645,6 +645,11 @@ devstat_selectdevs(struct device_selection **dev_select, int *num_selected, sizeof(struct device_selection) * *num_selections); } + if (!changed && *num_selections != numdevs) { + *dev_select = (struct device_selection *)reallocf(*dev_select, + numdevs * sizeof(struct device_selection)); + } + if (init_selections != 0) { bzero(*dev_select, sizeof(struct device_selection) * numdevs); -- 2.45.0