Mail Archives: djgpp-workers/2003/11/18/09:30:18
I have found two separate bugs in nmalloc's memalign. First is that
sbrkxtra needs to be large enough to hold two memblock headers and
adding alignment just once might not be sufficient if alignment is very
small. The below patch fixes this (changing split isn't strictly
necessary, but I think it's good to check the size both ways).
*** nmalloc.c.orig Tue Nov 18 11:12:53 2003
--- nmalloc.c Tue Nov 18 11:15:25 2003
***************
*** 588,594 ****
m = *mp;
m1 = (memblockp)((char *)m + sz);
! if (m->sz < (sz + DATAOFFSET)) {
badcallabort("memblockpsz", 11, m);
exit(EXIT_FAILURE); /* prevent user trapping SIGABRT */
}
--- 588,594 ----
m = *mp;
m1 = (memblockp)((char *)m + sz);
! if ((sz < DATAOFFSET) || (m->sz < (sz + DATAOFFSET))) {
badcallabort("memblockpsz", 11, m);
exit(EXIT_FAILURE); /* prevent user trapping SIGABRT */
}
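Review bot: the new `(sz < DATAOFFSET)` guard in the split check reuses the same "memblockpsz" message and code 11 as the existing `m->sz < (sz + DATAOFFSET)` test, so a report from badcallabort cannot tell a too-small split request from a block that is too small to split. Consider giving the new condition its own message or code (or a comment stating why both are folded together), since the fix is otherwise correct and the added check is cheap.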
***************
*** 1115,1121 ****
do {
sbrkxtra = ((ulong)lastsbrk + alignmask)
& alignmask;
! if (sbrkxtra < DATAOFFSET)
sbrkxtra += alignment;
m1 = lastsbrk;
m = extendsbrk(sbrkxtra + szneed);
--- 1115,1121 ----
do {
sbrkxtra = ((ulong)lastsbrk + alignmask)
& alignmask;
! while (sbrkxtra < 2 * DATAOFFSET)
sbrkxtra += alignment;
m1 = lastsbrk;
m = extendsbrk(sbrkxtra + szneed);
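Review bot: turning the `if` into `while (sbrkxtra < 2 * DATAOFFSET) sbrkxtra += alignment;` makes termination depend on `alignment` being non-zero; nothing in this hunk shows that being validated, and with `alignment == 0` the old `if` fell through while the new loop never exits. Add a guard (or an assert) on `alignment` before the loop, or a comment pointing at where the caller rejects a zero alignment. The loop itself is fine for the small alignments the message describes, since it runs at most `2 * DATAOFFSET / alignment` iterations.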
The second bug is that apparently searchblock should always fail, but
actually it can succeed, and if it does, memalign just returns the block
without marking it as non-free. As a result the same memory can be
"allocated" over and over again, which is not very good. The only real
fix to this bug is to write the code to handle success from searchblock.
--
Esa Peuha
student of mathematics at the University of Helsinki
http://www.helsinki.fi/~peuha/