From 817c2ca4f1ad28ca2cfab5c920214c2ed1d59a13 Mon Sep 17 00:00:00 2001
From: Danny Auble <da@schedmd.com>
Date: Tue, 6 Dec 2016 14:31:21 -0700
Subject: [PATCH] Fix possible memory corruption if a job is using GRES and
 changing size.

Bug 3258
---
 NEWS              | 1 +
 src/common/gres.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 7b1eaf6edfa..05c6eadfef2 100644
--- a/NEWS
+++ b/NEWS
@@ -73,6 +73,7 @@ documents those changes that are of interest to users and administrators.
  -- Fix parsing in regression test1.92 for some prompts.
  -- sbcast - use slurmd's gid cache rather than a separate lookup.
  -- slurmd - return error if setgroups() call fails in _drop_privileges().
+ -- Fix possible memory corruption if a job is using GRES and changing size.
 
 * Changes in Slurm 16.05.6
 ==========================
diff --git a/src/common/gres.c b/src/common/gres.c
index daf1ab22267..18d4177ceda 100644
--- a/src/common/gres.c
+++ b/src/common/gres.c
@@ -4185,7 +4185,7 @@ static int _job_alloc(void *job_gres_data, void *node_gres_data,
 	}
 
 	if (!node_offset && job_gres_ptr->gres_cnt_step_alloc) {
-		uint64_t *tmp = xmalloc(sizeof(uint64_t) * job_gres_ptr->node_cnt);
+		uint64_t *tmp = xmalloc(sizeof(uint64_t) * node_cnt);
 		memcpy(tmp, job_gres_ptr->gres_cnt_step_alloc,
 		       sizeof(uint64_t) * MIN(node_cnt,
 					      job_gres_ptr->node_cnt));
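Review bot: The replacement array for `gres_cnt_step_alloc` is now sized by `node_cnt`, but nothing visible in this hunk brings `job_gres_ptr->node_cnt` in line with it. If the field can still hold the larger, pre-shrink value afterwards, any code that indexes the array up to `job_gres_ptr->node_cnt` would read or write past the new allocation. The same question applies to the allocation in the second hunk, under `if (job_gres_ptr->gres_cnt_step_alloc == NULL)`. `_job_alloc` starts and ends outside both hunks, so the field may well be updated elsewhere; if so, a comment at the allocation would make the invariant checkable, e.g. `/* gres_cnt_step_alloc has node_cnt entries; job_gres_ptr->node_cnt must equal node_cnt before anything indexes it */`. Note also that the resize only runs when `!node_offset`, so it is worth confirming that a call with a non-zero offset cannot meet an array still sized for an older node count.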
@@ -4194,7 +4194,7 @@ static int _job_alloc(void *job_gres_data, void *node_gres_data,
 	}
 	if (job_gres_ptr->gres_cnt_step_alloc == NULL) {
 		job_gres_ptr->gres_cnt_step_alloc =
-			xmalloc(sizeof(uint64_t) * job_gres_ptr->node_cnt);
+			xmalloc(sizeof(uint64_t) * node_cnt);
 	}
 
 	/*
-- 
GitLab