From 41c337e88b80938bcd36c1636bba246a2a61d6e1 Mon Sep 17 00:00:00 2001
From: Andrew Jeffery <andrew@aj.id.au>
Date: Mon, 13 Aug 2018 23:30:16 +0930
Subject: windows: Always allocate a default-size dirty byte map

The current strategy caused memory corruption if windows are down-sized
from the default when a dirty-byte-map reallocation is triggered, as the
code would only allocate a dirty byte map of the current size. When the
window is resized up a gain the dirty byte map buffer is too small, and
we write off the end.

Instead, always allocate a byte map of the default window size which is
the largest the window can be.

Change-Id: I6f8dc414fb26c64e4947d5a19d6b795ead36e180
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
---
 windows.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows.c b/windows.c
index b11ea4a..3d3104a 100644
--- a/windows.c
+++ b/windows.c
@@ -344,7 +344,7 @@ void windows_alloc_dirty_bytemap(struct mbox_context *context)
 		/* There may already be one allocated */
 		free(cur->dirty_bmap);
 		/* Allocate the new one */
-		cur->dirty_bmap = calloc((cur->size >>
+		cur->dirty_bmap = calloc((context->windows.default_size >>
 					  context->block_size_shift),
 					 sizeof(*cur->dirty_bmap));
 	}
-- 
cgit v1.2.1