From 131bcbfdc1cfd54619517df0ec9776325cf9d7c9 Mon Sep 17 00:00:00 2001
From: otto <>
Date: Mon, 10 Jul 2017 09:44:16 +0000
Subject: [PATCH] one more instance of the previous commit; also initialize ->offset to a definite value in the size == 0 case
---
 src/lib/libc/stdlib/malloc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index dc2c7b15..22f83f35 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: malloc.c,v 1.227 2017/07/07 19:14:46 otto Exp $ */
+/* $OpenBSD: malloc.c,v 1.228 2017/07/10 09:44:16 otto Exp $ */
 /*
 * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek
 * Copyright (c) 2012 Matthew Dempsky
@@ -886,6 +886,7 @@ omalloc_make_chunks(struct dir_info *d, int bits, int listnum)
 while (i >>= 1)
 bp->shift++;
 bp->total = bp->free = MALLOC_PAGESIZE >> bp->shift;
+ bp->offset = 0xdead;
 bp->page = pp;
 k = mprotect(pp, MALLOC_PAGESIZE, PROT_NONE);
@@ -1793,7 +1794,7 @@ orecallocarray(struct dir_info *argpool, void *p, size_t oldsize,
 REALSIZE(sz, r);
 if (sz <= MALLOC_MAXCHUNK) {
- if (mopts.chunk_canaries) {
+ if (mopts.chunk_canaries && sz > 0) {
 struct chunk_info *info = (struct chunk_info *)r->size;
 uint32_t chunknum = find_chunknum(pool, r, p, 0);
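Review bot: `bp->offset = 0xdead;` in the omalloc_make_chunks hunk is a bare magic value, and nothing at the site says it is a poison marker rather than a usable offset. The commit message gives the intent as only a definite value for the size == 0 case, so a short comment would stop a later reader from treating it as meaningful, for example `/* poison: offset must never be used for size 0 chunks */`. If the field is used as an array index elsewhere (not visible in this hunk), an out-of-range index is not guaranteed to fault, so guards at the use sites remain the real protection. The function body starts and ends outside the hunk.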
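Review bot: With `sz > 0` added to the canary condition in the orecallocarray hunk, a zero-size allocation now skips the recorded-size comparison entirely, so the caller-supplied `oldsize` is not checked against anything in the visible lines for that case. If a nonzero `oldsize` for a zero-size chunk is not rejected later in the function (the body continues outside the hunk), it would be worth an explicit `sz == 0 && oldsize != 0` check that reports through the same error path as the other size mismatches. Either way the guard deserves a comment at the site, such as `/* size 0 chunks have no recorded size to compare against */`, since the reason is currently only in the commit message.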