From e32da5559962c6131e1f933a245526d699d45cf6 Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero
Date: Wed, 12 Nov 2025 00:42:32 +0100
Subject: Fix buffer overflow on ta_realloc

When reallocating a buffer to one with a smaller size, the number of elements to be copied to the new buffer must not be that of the old buffer, or the behaviour is undefined.
---
 tinyalloc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tinyalloc.c b/tinyalloc.c
index 1c53567..ba3f916 100644
--- a/tinyalloc.c
+++ b/tinyalloc.c
@@ -287,7 +287,9 @@ void *ta_realloc(void *ptr, size_t n) {
 if (!new) return NULL;
- for (size_t i = 0; i < prev->size; i++)
+ const size_t size = n > prev->size ? prev->size : n;
+
+ for (size_t i = 0; i < size; i++)
 *p++ = *src++; ta_free(prev->addr);
--
cgit v1.2.3
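Review bot: The clamp `n > prev->size ? prev->size : n` is the only thing keeping a shrinking call from writing past the new block, yet nothing on the added lines says so. A one-line comment above it, such as `/* copy only what fits in the new block; prev->size is larger when shrinking */`, would keep a later cleanup from reverting the loop bound to `prev->size`. Separately, the shrink case still allocates and copies before freeing, so it can return NULL under memory pressure even though the existing block already satisfies the request. An early `if (n <= prev->size) return ptr;` ahead of the allocation would avoid that, assuming callers do not rely on shrinking to release memory. The allocation of `new` and the lookup of `prev` sit outside the hunk, so how a NULL or unknown `ptr` is handled cannot be judged from here.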