From 6d8075f1e6e72ee274832f1164c164f713788e34 Mon Sep 17 00:00:00 2001
From: Mike Hommey <mh@glandium.org>
Date: Thu, 27 Aug 2015 20:30:15 -0700
Subject: [PATCH] Fix chunk purge hook calls for in-place huge shrinking
 reallocation.

Fix chunk purge hook calls for in-place huge shrinking reallocation to
specify the old chunk size rather than the new chunk size.  This bug
caused no correctness issues for the default chunk purge function, but
was visible to custom functions set via the "arena.<i>.chunk_hooks"
mallctl.

This resolves #264.
---
 ChangeLog  | 4 ++++
 src/huge.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 17f6538c..53d9caf8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,10 @@ brevity.  Much more detail can be found in the git revision history:
   - Add JEMALLOC_CXX_THROW to the memalign() function prototype, in order to
     match glibc and avoid compilation errors when including both
     jemalloc/jemalloc.h and malloc.h in C++ code.
+  - Fix chunk purge hook calls for in-place huge shrinking reallocation to
+    specify the old chunk size rather than the new chunk size.  This bug caused
+    no correctness issues for the default chunk purge function, but was
+    visible to custom functions set via the "arena.<i>.chunk_hooks" mallctl.
 
 * 4.0.0 (August 17, 2015)
 
diff --git a/src/huge.c b/src/huge.c
index 54c2114c..f49a9376 100644
--- a/src/huge.c
+++ b/src/huge.c
@@ -149,7 +149,7 @@ huge_ralloc_no_move_similar(void *ptr, size_t oldsize, size_t usize,
 	if (oldsize > usize) {
 		size_t sdiff = oldsize - usize;
 		zeroed = !chunk_purge_wrapper(arena, &chunk_hooks, ptr,
-		    CHUNK_CEILING(usize), usize, sdiff);
+		    CHUNK_CEILING(oldsize), usize, sdiff);
 		if (config_fill && unlikely(opt_junk_free)) {
 			memset((void *)((uintptr_t)ptr + usize), 0x5a, sdiff);
 			zeroed = false;
@@ -204,7 +204,7 @@ huge_ralloc_no_move_shrink(void *ptr, size_t oldsize, size_t usize)
 		size_t sdiff = oldsize - usize;
 		zeroed = !chunk_purge_wrapper(arena, &chunk_hooks,
 		    CHUNK_ADDR2BASE((uintptr_t)ptr + usize),
-		    CHUNK_CEILING(usize), CHUNK_ADDR2OFFSET((uintptr_t)ptr +
+		    CHUNK_CEILING(oldsize), CHUNK_ADDR2OFFSET((uintptr_t)ptr +
 		    usize), sdiff);
 		if (config_fill && unlikely(opt_junk_free)) {
 			huge_dalloc_junk((void *)((uintptr_t)ptr + usize),