This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
Hi!
Seems
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/malloc.c.diff?cvsroot=glibc&r1=1.164&r2=1.165
fixed just one of the two places in _int_malloc which assumed
unsorted_chunks is an empty double-linked list.
This one was seen in jc1, see http://bugzilla.redhat.com/204653
2006-08-31 Jakub Jelinek <jakub@redhat.com>
* malloc/malloc.c (_int_malloc): Use full list insert and not
shortcut which assumes the list is empty for large requests
too.
--- libc/malloc/malloc.c.jj 2006-08-31 15:31:36.000000000 +0200
+++ libc/malloc/malloc.c 2006-08-31 16:29:30.000000000 +0200
@@ -4230,8 +4230,14 @@ _int_malloc(mstate av, size_t bytes)
/* Split */
else {
remainder = chunk_at_offset(victim, nb);
- unsorted_chunks(av)->bk = unsorted_chunks(av)->fd = remainder;
- remainder->bk = remainder->fd = unsorted_chunks(av);
+ /* We cannot assume the unsorted list is empty and therefore
+ have to perform a complete insert here. */
+ bck = unsorted_chunks(av);
+ fwd = bck->fd;
+ remainder->bk = bck;
+ remainder->fd = fwd;
+ bck->fd = remainder;
+ fwd->bk = remainder;
set_head(victim, nb | PREV_INUSE |
(av != &main_arena ? NON_MAIN_ARENA : 0));
set_head(remainder, remainder_size | PREV_INUSE);
Jakub
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |