Fix freesuffix corruption.

dustin · dustin · commit 6ec16c4ad2e8 · 2008-06-13T09:01:12.000-07:00
When attempting to grow the freesuffix storage, the realloc is sized
to the number of bytes in freesuffixtotal instead of a number of
pointers of that size.

That is, the original malloc is for

  sizeof(char *) * freesuffixtotal

but the realloc for growth was

  freesuffixtotal * 2

On a 32-bit machine, this would have the effect of freeing half of
the freelist when an attempt was made to grow it.

The realloc is now consistent with the initial malloc.
diff --git a/memcached.c b/memcached.c
@@ -593,7 +593,8 @@ bool do_suffix_add_to_freelist(char *s) {
         return false;
     } else {
         /* try to enlarge free connections array */
-        char **new_freesuffix = realloc(freesuffix, freesuffixtotal * 2);
+        char **new_freesuffix = realloc(freesuffix,
+            sizeof(char *) * freesuffixtotal * 2);
         if (new_freesuffix) {
             freesuffixtotal *= 2;
             freesuffix = new_freesuffix;
