commit 974c6916ba2f7efc83193bb8c04e95294ca21112
Author: Christopher Faulet <cfaulet@haproxy.com>
Date:   Fri Jul 26 13:52:13 2019 +0200

    BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
    
    When the number of nodes is increased because the server weight is changed, the
    nodes array must be realloc. But its new size is not correctly set. Only the
    total number of nodes is used to set the new size. But it must also depends on
    the size of a node. It must be the total nomber of nodes times the size of a
    node.
    
    This issue was reported on Github (#189).
    
    This patch must be backported to all versions since the 1.6.
    
    (cherry picked from commit 366ad86af72c455cc958943913cb2de20eefee71)
    Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/lb_chash.c b/src/lb_chash.c
index a35351e9..0bf4e81a 100644
--- a/src/lb_chash.c
+++ b/src/lb_chash.c
@@ -84,7 +84,7 @@ static inline void chash_queue_dequeue_srv(struct server *s)
 	 * increased the weight beyond the original weight
 	 */
 	if (s->lb_nodes_tot < s->next_eweight) {
-		struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight);
+		struct tree_occ *new_nodes = realloc(s->lb_nodes, s->next_eweight * sizeof(*new_nodes));
 
 		if (new_nodes) {
 			unsigned int j;