Possible bug in apr_rmm_realloc. When calculating the value of
blk, it looks like it should be:

blk = (rmm_block_t*)((char*)rmm->base + old - RMM_BLOCK_SIZE);

instead of

blk = (rmm_block_t*)((char*)rmm->base + old);

otherwise blk is pointing at the caller's data.

Keith
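
The offset arithmetic behind this report, as an added example that is not code from the original post or from APR: a toy header-before-payload allocator where the caller holds the payload offset, so a header looked up without subtracting the header size is read from caller data. `toy_block_t`, `TOY_BLOCK_SIZE` and the three functions are hypothetical names, and the layout (caller offset = block offset + header size) is an assumption taken from the fix proposed above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an allocator block header; not APR's definition. */
typedef struct { size_t size, prev, next; } toy_block_t;
#define TOY_BLOCK_SIZE sizeof(toy_block_t)

/* Write a header at block_off, fill the payload, and return the offset a
 * caller would hold: the first payload byte, just past the header. */
static size_t toy_alloc(unsigned char *base, size_t block_off,
                        size_t payload_len, unsigned char fill)
{
    toy_block_t hdr = { TOY_BLOCK_SIZE + payload_len, 0, 0 };
    memcpy(base + block_off, &hdr, sizeof hdr);
    memset(base + block_off + TOY_BLOCK_SIZE, fill, payload_len);
    return block_off + TOY_BLOCK_SIZE;
}

/* Block size as seen when the header is located at base + old (no adjustment):
 * the bytes interpreted as a header are the caller's own data. */
static size_t size_unadjusted(const unsigned char *base, size_t old)
{
    toy_block_t blk;
    memcpy(&blk, base + old, sizeof blk);
    return blk.size;
}

/* Block size when the header is located at base + old - TOY_BLOCK_SIZE. */
static size_t size_adjusted(const unsigned char *base, size_t old)
{
    toy_block_t blk;
    memcpy(&blk, base + old - TOY_BLOCK_SIZE, sizeof blk);
    return blk.size;
}

int main(void)
{
    unsigned char segment[256] = {0};              /* constructed sample segment */
    size_t old = toy_alloc(segment, 64, 32, 0x41); /* 32-byte payload of 'A' */
    printf("unadjusted: %zu\n", size_unadjusted(segment, old));
    printf("adjusted:   %zu\n", size_adjusted(segment, old));
    return 0;
}
```

With the unadjusted lookup the "size" field is whatever the caller stored in the first bytes of its buffer, so any decision based on it is driven by caller data rather than allocator metadata.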