Don't memcpy too far when drm_realloc() is called with a smaller size.
author oga <oga@openbsd.org>
Fri, 29 Aug 2008 13:44:23 +0000 (13:44 +0000)
committer oga <oga@openbsd.org>
Fri, 29 Aug 2008 13:44:23 +0000 (13:44 +0000)
This was never noticed since it's always used with a larger size.

Noticed by Stephane Marchesin.

sys/dev/pci/drm/drm_memory.c

index 9182811..81dc4a1 100644 (file)
@@ -72,7 +72,7 @@ drm_realloc(void *oldpt, size_t oldsize, size_t size, int area)
        if (pt == NULL)
                return NULL;
        if (oldpt && oldsize) {
-               memcpy(pt, oldpt, oldsize);
+               memcpy(pt, oldpt, min(oldsize, size));
                free(oldpt, M_DRM);
        }
        return pt;
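
Review bot: on the `+` line, `min(oldsize, size)` is passed two `size_t` values, so if the `min()` in scope is a helper declared for `unsigned int` rather than a type-generic macro, both arguments are truncated on 64-bit platforms before the comparison and the copy length can be wrong for large buffers. Please confirm its declaration, or compare explicitly with something like `size < oldsize ? size : oldsize`. Separately, `free(oldpt, M_DRM)` stays inside `if (oldpt && oldsize)`, so a non-NULL `oldpt` passed with `oldsize == 0` is never freed. A comment saying whether callers may do that, or moving the free under a plain `if (oldpt)`, would make the ownership rule clear.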