Commit | Line | Data |
---|---|---|
12788f63 MT |
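--- a/glibc-2.12-2-gc4ccff1/malloc/arena.c
+++ b/glibc-2.12-2-gc4ccff1/malloc/arena.c
@@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si
 heap = prev_heap;
 if(!prev_inuse(p)) { /* consolidate backward */
 p = prev_chunk(p);
- unlink(p, bck, fwd);
+ unlink(ar_ptr, p, bck, fwd);
 }
 assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
 assert( ((char*)p + new_size) == ((char*)heap + heap->size) );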
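Review bot: The call `unlink(ar_ptr, p, bck, fwd)` now inherits an unlock/relock of `ar_ptr->mutex` on the macro's corruption path, so it is only correct if heap_trim is always entered with that arena's mutex held, and nothing in this hunk states that. A one-line comment above the call would record the precondition, e.g. `/* caller holds ar_ptr->mutex; unlink() drops and retakes it if the list is corrupt */`. The declaration of `ar_ptr` and the rest of heap_trim lie outside the hunk, so the locking state at entry should be confirmed against the callers.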
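--- a/glibc-2.12-2-gc4ccff1/malloc/hooks.c
+++ b/glibc-2.12-2-gc4ccff1/malloc/hooks.c
@@ -219,7 +219,9 @@ top_check()
 (char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
 return 0;
 
+ mutex_unlock(&main_arena);
 malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
+ mutex_lock(&main_arena);
 
 /* Try to set up a new top chunk. */
 brk = MORECORE(0);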
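Review bot: `mutex_unlock(&main_arena)` and `mutex_lock(&main_arena)` pass the arena object itself, while every other site in this patch passes the mutex member (`&av->mutex`, `&(AV)->mutex`); this presumably only works if the mutex is the first member of the arena structure and the lock macros do not type-check their argument. Writing `mutex_unlock(&main_arena.mutex);` and `mutex_lock(&main_arena.mutex);` makes the intent explicit and stays correct if the structure layout changes. Note also that `t` was validated before the lock was dropped, so when malloc_printerr returns, the code after the relock works on a top chunk that another thread may have changed in the meantime. top_check's body continues outside the hunk.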
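--- a/glibc-2.12-2-gc4ccff1/malloc/malloc.c
+++ b/glibc-2.12-2-gc4ccff1/malloc/malloc.c
@@ -2109,12 +2109,14 @@ typedef struct malloc_chunk* mbinptr;
 #define last(b) ((b)->bk)
 
 /* Take a chunk off a bin list */
-#define unlink(P, BK, FD) { \
+#define unlink(AV, P, BK, FD) { \
 FD = P->fd; \
 BK = P->bk; \
- if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
+ if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) { \
+ mutex_unlock(&(AV)->mutex); \
 malloc_printerr (check_action, "corrupted double-linked list", P); \
- else { \
+ mutex_lock(&(AV)->mutex); \
+ } else { \
 FD->bk = BK; \
 BK->fd = FD; \
 if (!in_smallbin_range (P->size) \
@@ -3257,7 +3259,9 @@ static Void_t* sYSMALLOc(nb, av) INTERNA
 
 else if (contiguous(av) && old_size && brk < old_end) {
 /* Oops! Someone else killed our space.. Can't touch anything. */
+ mutex_unlock(&av->mutex);
 malloc_printerr (3, "break adjusted to free malloc space", brk);
+ mutex_lock(&av->mutex);
 }
 
 /*
@@ -4305,7 +4309,9 @@ _int_malloc(mstate av, size_t bytes)
 {
 errstr = "malloc(): memory corruption (fast)";
 errout:
+ mutex_unlock(&av->mutex);
 malloc_printerr (check_action, errstr, chunk2mem (victim));
+ mutex_lock(&av->mutex);
 return NULL;
 }
 #ifndef ATOMIC_FASTBINS
@@ -4393,8 +4399,12 @@ _int_malloc(mstate av, size_t bytes)
 bck = victim->bk;
 if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
 || __builtin_expect (victim->size > av->system_mem, 0))
- malloc_printerr (check_action, "malloc(): memory corruption",
- chunk2mem (victim));
+ {
+ void *p = chunk2mem(victim);
+ mutex_unlock(&av->mutex);
+ malloc_printerr (check_action, "malloc(): memory corruption", p);
+ mutex_lock(&av->mutex);
+ }
 size = chunksize(victim);
 
 /*
@@ -4535,7 +4545,7 @@ _int_malloc(mstate av, size_t bytes)
 victim = victim->fd;
 
 remainder_size = size - nb;
- unlink(victim, bck, fwd);
+ unlink(av, victim, bck, fwd);
 
 /* Exhaust */
 if (remainder_size < MINSIZE) {
@@ -4633,7 +4643,7 @@ _int_malloc(mstate av, size_t bytes)
 remainder_size = size - nb;
 
 /* unlink */
- unlink(victim, bck, fwd);
+ unlink(av, victim, bck, fwd);
 
 /* Exhaust */
 if (remainder_size < MINSIZE) {
@@ -4789,10 +4799,14 @@ _int_free(mstate av, mchunkptr p)
 errstr = "free(): invalid pointer";
 errout:
 #ifdef ATOMIC_FASTBINS
- if (! have_lock && locked)
+ if (have_lock || locked)
 (void)mutex_unlock(&av->mutex);
 #endif
 malloc_printerr (check_action, errstr, chunk2mem(p));
+#ifdef ATOMIC_FASTBINS
+ if (have_lock)
+ mutex_lock(&av->mutex);
+#endif
 return;
 }
 /* We know that each chunk is at least MINSIZE bytes in size. */
@@ -4961,7 +4975,7 @@ _int_free(mstate av, mchunkptr p)
 prevsize = p->prev_size;
 size += prevsize;
 p = chunk_at_offset(p, -((long) prevsize));
- unlink(p, bck, fwd);
+ unlink(av, p, bck, fwd);
 }
 
 if (nextchunk != av->top) {
@@ -4970,7 +4984,7 @@ _int_free(mstate av, mchunkptr p)
 
 /* consolidate forward */
 if (!nextinuse) {
- unlink(nextchunk, bck, fwd);
+ unlink(av, nextchunk, bck, fwd);
 size += nextsize;
 } else
 clear_inuse_bit_at_offset(nextchunk, 0);
@@ -5158,7 +5172,7 @@ static void malloc_consolidate(av) mstat
 prevsize = p->prev_size;
 size += prevsize;
 p = chunk_at_offset(p, -((long) prevsize));
- unlink(p, bck, fwd);
+ unlink(av, p, bck, fwd);
 }
 
 if (nextchunk != av->top) {
@@ -5166,7 +5180,7 @@ static void malloc_consolidate(av) mstat
 
 if (!nextinuse) {
 size += nextsize;
- unlink(nextchunk, bck, fwd);
+ unlink(av, nextchunk, bck, fwd);
 } else
 clear_inuse_bit_at_offset(nextchunk, 0);
 
@@ -5235,7 +5249,9 @@ _int_realloc(mstate av, mchunkptr oldp,
 {
 errstr = "realloc(): invalid old size";
 errout:
+ mutex_unlock(&av->mutex);
 malloc_printerr (check_action, errstr, chunk2mem(oldp));
+ mutex_lock(&av->mutex);
 return NULL;
 }
 
@@ -5282,7 +5298,7 @@ _int_realloc(mstate av, mchunkptr oldp,
 (unsigned long)(newsize = oldsize + nextsize) >=
 (unsigned long)(nb)) {
 newp = oldp;
- unlink(next, bck, fwd);
+ unlink(av, next, bck, fwd);
 }
 
 /* allocate, copy, free */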
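Review bot: In the `_int_malloc` hunk at -4393, `bck = victim->bk` is read before the lock is dropped, and after `mutex_lock(&av->mutex)` execution falls through to `size = chunksize(victim)` with those values unchanged, so if `check_action` lets malloc_printerr return, another thread may have reshaped the bins during the unlocked window. The same window exists in the new `unlink` macro and in the sYSMALLOc hunk, where the caller carries on with its earlier view of the arena after the relock. At minimum reload the list pointer after relocking, e.g. `bck = victim->bk;` directly after `mutex_lock(&av->mutex);`, and document the macro with a comment such as `/* drops and retakes (AV)->mutex if the list is corrupt: caller state may be stale afterwards */`. Separately, the `_int_free` errout hunk unlocks and relocks only inside `#ifdef ATOMIC_FASTBINS`, whereas the `_int_malloc` and `_int_realloc` error paths do it unconditionally; if builds without ATOMIC_FASTBINS enter `_int_free` with the arena locked, malloc_printerr is still called under the lock there.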