From c2eead9629b60a394aa61e6f96b89647eddce1ea Mon Sep 17 00:00:00 2001
From: Jonathan Marler
Date: Sun, 28 Jun 2020 14:33:41 -0600
Subject: [PATCH] Fix issue 5741, use after free
---
lib/std/heap.zig | 5 +++++
lib/std/mem.zig | 3 ---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/std/heap.zig b/lib/std/heap.zig
index 260841ad2..ea9e95c67 100644
--- a/lib/std/heap.zig
+++ b/lib/std/heap.zig
@@ -714,6 +714,11 @@ test "PageAllocator" {
 slice[127] = 0x34;
 allocator.free(slice);
 }
+ {
+ var buf = try allocator.alloc(u8, mem.page_size + 1);
+ defer allocator.free(buf);
+ buf = try allocator.realloc(buf, 1); // shrink past the page boundary
+ }
 }
 test "HeapAllocator" {
diff --git a/lib/std/mem.zig b/lib/std/mem.zig
index bf1e00005..6bde83f78 100644
--- a/lib/std/mem.zig
+++ b/lib/std/mem.zig
@@ -116,9 +116,6 @@ pub const Allocator = struct {
 if (isAligned(@ptrToInt(old_mem.ptr), new_alignment)) {
 if (new_byte_count <= old_mem.len) {
 const shrunk_len = self.shrinkBytes(old_mem, new_byte_count, len_align);
- if (shrunk_len < old_mem.len) {
- @memset(old_mem.ptr + shrunk_len, undefined, old_mem.len - shrunk_len);
- }
 return old_mem.ptr[0..shrunk_len];
 }
 if (self.callResizeFn(old_mem, new_byte_count, len_align)) |resized_len| {
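Review bot: The new test block in the PageAllocator hunk only establishes that shrinking past a page boundary no longer crashes; it does not check that the kept prefix survives the shrink or that the result has the requested length, so a realloc that returned a corrupted or wrongly sized slice would still pass. Writing a sentinel before the shrink and checking it afterwards, e.g. `buf[0] = 0x12;` before the `realloc` line and `testing.expect(buf.len == 1 and buf[0] == 0x12);` after it, pins the preserved-prefix contract next to the crash regression (this assumes `testing` is in scope in this file as in neighbouring heap tests — confirm). The `defer allocator.free(buf)` is correct as written, since `buf` is evaluated at scope exit and so frees the reassigned 1-byte slice rather than the original. The enclosing `test "PageAllocator"` block begins before the hunk.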
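Review bot: Deleting the `@memset` in the mem.zig hunk removes the poisoning of the shrunk-off tail for every allocator, not only the PageAllocator whose unmapped pages caused the use-after-free; for allocators that presumably keep that memory mapped (a partial page, a bucket), the stale bytes stay readable at their old address and use-after-shrink bugs in safe builds lose the 0xAA signal that made them visible. The use-after-free can be fixed without that loss by poisoning before `shrinkBytes` releases the tail, while the bytes are still certainly owned: `if (new_byte_count < old_mem.len) @memset(old_mem.ptr + new_byte_count, undefined, old_mem.len - new_byte_count);` placed ahead of `const shrunk_len = self.shrinkBytes(old_mem, new_byte_count, len_align);`. Bytes in `[new_byte_count, shrunk_len)` are beyond what the caller asked to keep, so poisoning them is within realloc's contract, although it should be confirmed that `undefined` stores are still emitted in the build modes the tests run under. The enclosing realloc function starts and ends outside the hunk.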