X-Authentication-Warning: delorie.com: mail set sender to djgpp-workers-bounces using -f
Date: Tue, 18 Nov 2003 11:40:20 +0200 (EET)
From: Esa A E Peuha <peuha AT cc DOT helsinki DOT fi>
Sender: peuha AT sirppi DOT helsinki DOT fi
To: cbfalconer AT worldnet DOT att DOT net
cc: djgpp-workers AT delorie DOT com
Subject: Bugs in nmalloc
Message-ID: <Pine.OSF.4.58.0311181117210.22243@sirppi.helsinki.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Reply-To: djgpp-workers AT delorie DOT com

I have found two separate bugs in nmalloc's memalign.  First is that
sbrkxtra needs to be large enough to hold two memblock headers and
adding alignment just once might not be sufficient if alignment is very
small.  The below patch fixes this (changing split isn't strictly
necessary, but I think it's good to check the size both ways).

*** nmalloc.c.orig	Tue Nov 18 11:12:53 2003
--- nmalloc.c	Tue Nov 18 11:15:25 2003
***************
*** 588,594 ****

     m = *mp;
     m1 = (memblockp)((char *)m + sz);
!    if (m->sz < (sz + DATAOFFSET)) {
        badcallabort("memblockpsz", 11, m);
        exit(EXIT_FAILURE);  /* prevent user trapping SIGABRT */
     }
--- 588,594 ----

     m = *mp;
     m1 = (memblockp)((char *)m + sz);
!    if ((sz < DATAOFFSET) || (m->sz < (sz + DATAOFFSET))) {
        badcallabort("memblockpsz", 11, m);
        exit(EXIT_FAILURE);  /* prevent user trapping SIGABRT */
     }
***************
*** 1115,1121 ****
              do {
                 sbrkxtra = ((ulong)lastsbrk + alignmask)
                             & alignmask;
!                if (sbrkxtra < DATAOFFSET)
                    sbrkxtra += alignment;
                 m1 = lastsbrk;
                 m = extendsbrk(sbrkxtra + szneed);
--- 1115,1121 ----
              do {
                 sbrkxtra = ((ulong)lastsbrk + alignmask)
                             & alignmask;
!                while (sbrkxtra < 2 * DATAOFFSET)
                    sbrkxtra += alignment;
                 m1 = lastsbrk;
                 m = extendsbrk(sbrkxtra + szneed);

The second bug is that apparently searchblock should always fail, but
actually it can succeed, and if it does, memalign just returns the block
without marking it as non-free.  As a result the same memory can be
"allocated" over and over again, which is not very good.  The only real
fix to this bug is to write the code to handle success from searchblock.

-- 
Esa Peuha
student of mathematics at the University of Helsinki
http://www.helsinki.fi/~peuha/