From b11b26bcaf711ad01d1a81943cca42f7ff40bfee Mon Sep 17 00:00:00 2001
From: "Urabe, Shyouhei"
Date: Wed, 24 Apr 2019 12:24:44 +0900
Subject: fix size of allocated memory

The size of `ptr` here is not the same as the variable `size`. We were counting the size of header twice.
---
 transient_heap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'transient_heap.c')

diff --git a/transient_heap.c b/transient_heap.c
index eb94edabf7..1bc5094a09 100644
--- a/transient_heap.c
+++ b/transient_heap.c
@@ -408,7 +408,7 @@ rb_transient_heap_alloc(VALUE obj, size_t req_size)
 RB_DEBUG_COUNTER_INC(theap_alloc);
 /* ptr is set up; OK to unpoison. */
- unpoison_memory_region(ptr, size, true);
+ unpoison_memory_region(ptr, size - sizeof *header, true);
 return ptr;
 }
 else {
-- 
cgit v1.2.3
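Review bot: The new length `size - sizeof *header` unpoisons the whole payload slot rather than the `req_size` bytes the caller asked for. If `size` is rounded up for alignment (its computation is outside this hunk), a write that overruns the request but stays inside the padding would not be reported by the sanitizer. If that padding is not meant to be usable, `unpoison_memory_region(ptr, req_size, true);` would keep it poisoned; if it is, the comment should say so, e.g. `/* ptr is set up; unpoison the payload only: size includes the header */`. The subtraction is unsigned, so it also relies on `size >= sizeof *header` being guaranteed earlier in rb_transient_heap_alloc, whose body starts and ends outside the hunk; otherwise the length would wrap and unpoison far more than the slot.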