[Bug 291677] FreeBSD 15.0 realloc does not set errno for large size values
Date: Mon, 15 Dec 2025 12:03:19 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291677
Brooks Davis <brooks@FreeBSD.org> changed:
| What | Removed | Added |
|------|---------|-------|
| Component | kern | bin |
| CC | | brooks@FreeBSD.org |
| Assignee | bugs@FreeBSD.org | brooks@FreeBSD.org |
--- Comment #1 from Brooks Davis <brooks@FreeBSD.org> ---
Sigh. It looks like jemalloc refactored realloc() to use rallocx's internals
in the common case and didn't account for the need to set errno. The following
untested patch likely fixes it (it might not be the best fix, but I think it
does the job). Overall this doesn't give me great confidence in the
correctness of this whole update. :(
```
diff --git a/contrib/jemalloc/src/jemalloc.c b/contrib/jemalloc/src/jemalloc.c
index e4b183d1a24d..30ad6bab44f0 100644
--- a/contrib/jemalloc/src/jemalloc.c
+++ b/contrib/jemalloc/src/jemalloc.c
@@ -3630,11 +3630,9 @@ je_realloc(void *ptr, size_t size) {
if (likely(ptr != NULL && size != 0)) {
void *ret = do_rallocx(ptr, size, 0, true);
LOG("core.realloc.exit", "result: %p", ret);
- return ret;
} else if (ptr != NULL && size == 0) {
void *ret = do_realloc_nonnull_zero(ptr);
LOG("core.realloc.exit", "result: %p", ret);
- return ret;
} else {
/* realloc(NULL, size) is equivalent to malloc(size). */
void *ret;
@@ -3663,6 +3661,12 @@ je_realloc(void *ptr, size_t size) {
LOG("core.realloc.exit", "result: %p", ret);
return ret;
}
+
+ if (unlikely(ret == NULL)) {
+ set_errno(ENOMEM);
+ }
+
+ return ret;
}
JEMALLOC_ALWAYS_INLINE size_t
```
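Review bot: in the first hunk, dropping `return ret;` from the two leading branches relies on `ret` surviving past each branch, but both are block-scoped declarations (`void *ret = do_rallocx(ptr, size, 0, true);` and `void *ret = do_realloc_nonnull_zero(ptr);`), so unless a function-scope `ret` is declared above this hunk the fall-through carries no value to check. Suggest hoisting a single `void *ret;` to the top of je_realloc() and assigning to it in each branch, or keeping the returns and setting errno inside each branch instead.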
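Review bot: in the second hunk, the new `if (unlikely(ret == NULL)) set_errno(ENOMEM);` is reached from both the `size != 0` path and the `ptr != NULL && size == 0` path; please confirm that do_realloc_nonnull_zero() never returns NULL as a non-error result (a free-and-return-NULL style of realloc(ptr, 0)), since that case would now report a spurious ENOMEM to callers. If it can, the check should be limited to the do_rallocx() branch. A short comment on why errno is set here rather than inside do_rallocx() would also help the next reader, given the comment says the refactor lost it.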
(Category reset to bin as this isn't a kernel issue)