1 Index: glibc-2.12-2-gc4ccff1/malloc/arena.c
2 ===================================================================
3 --- glibc-2.12-2-gc4ccff1.orig/malloc/arena.c
4 +++ glibc-2.12-2-gc4ccff1/malloc/arena.c
5 @@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si
7 if(!prev_inuse(p)) { /* consolidate backward */
10 + unlink(ar_ptr, p, bck, fwd);
12 assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
13 assert( ((char*)p + new_size) == ((char*)heap + heap->size) );
14 Index: glibc-2.12-2-gc4ccff1/malloc/hooks.c
15 ===================================================================
16 --- glibc-2.12-2-gc4ccff1.orig/malloc/hooks.c
17 +++ glibc-2.12-2-gc4ccff1/malloc/hooks.c
18 @@ -219,7 +219,9 @@ top_check()
19 (char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
22 + mutex_unlock(&main_arena);
23 malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
24 + mutex_lock(&main_arena);
26 /* Try to set up a new top chunk. */
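Review bot: The two added calls in top_check pass `&main_arena` itself, while every other lock call this patch adds passes the mutex member (`&av->mutex`, `&(AV)->mutex`). That only works if the mutex is the first member of the arena structure and the lock macros accept a pointer to the whole structure, neither of which is visible here. Writing `mutex_unlock(&main_arena.mutex);` and `mutex_lock(&main_arena.mutex);` removes the dependence on layout. The rest of top_check lies outside the hunk, so it is worth confirming that every caller holds that mutex when this branch runs.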
28 Index: glibc-2.12-2-gc4ccff1/malloc/malloc.c
29 ===================================================================
30 --- glibc-2.12-2-gc4ccff1.orig/malloc/malloc.c
31 +++ glibc-2.12-2-gc4ccff1/malloc/malloc.c
32 @@ -1541,12 +1541,14 @@
33 #define last(b) ((b)->bk)
35 /* Take a chunk off a bin list */
36 -#define unlink(P, BK, FD) { \
37 +#define unlink(AV, P, BK, FD) { \
40 - if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
41 + if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) { \
42 + mutex_unlock(&(AV)->mutex); \
43 malloc_printerr (check_action, "corrupted double-linked list", P); \
45 + mutex_lock(&(AV)->mutex); \
49 if (!in_smallbin_range (P->size) \
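Review bot: `unlink` now unlocks `(AV)->mutex` on the corruption branch, so the macro has gained a precondition that its comment does not state: every caller must hold that arena's mutex, and the lock is released and retaken inside the macro. The comment should say so, for example `/* Take a chunk off a bin list. The caller must hold AV->mutex; it is dropped around malloc_printerr and retaken before the macro ends. */`. When check_action lets malloc_printerr return, other threads can change the arena while the lock is dropped, so values a caller computed before invoking unlink should be treated as stale afterwards. Whether the call sites changed in arena.c and later in malloc.c do that is not visible in these hunks. The macro body continues past the end of this hunk.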
52 else if (contiguous(av) && old_size && brk < old_end) {
53 /* Oops! Someone else killed our space.. Can't touch anything. */
54 + mutex_unlock(&av->mutex);
55 malloc_printerr (3, "break adjusted to free malloc space", brk);
56 + mutex_lock(&av->mutex);
62 errstr = "malloc(): memory corruption (fast)";
64 + mutex_unlock(&av->mutex);
65 malloc_printerr (check_action, errstr, chunk2mem (victim));
66 + mutex_lock(&av->mutex);
69 check_remalloced_chunk(av, victim, nb);
70 @@ -3552,8 +3558,12 @@
72 if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
73 || __builtin_expect (victim->size > av->system_mem, 0))
74 - malloc_printerr (check_action, "malloc(): memory corruption",
75 - chunk2mem (victim));
77 + void *p = chunk2mem(victim);
78 + mutex_unlock(&av->mutex);
79 + malloc_printerr (check_action, "malloc(): memory corruption", p);
80 + mutex_lock(&av->mutex);
82 size = chunksize(victim);
88 remainder_size = size - nb;
89 - unlink(victim, bck, fwd);
90 + unlink(av, victim, bck, fwd);
93 if (remainder_size < MINSIZE) {
95 remainder_size = size - nb;
98 - unlink(victim, bck, fwd);
99 + unlink(av, victim, bck, fwd);
102 if (remainder_size < MINSIZE) {
103 @@ -3927,9 +3937,11 @@
105 errstr = "free(): invalid pointer";
107 - if (! have_lock && locked)
108 + if (have_lock || locked)
109 (void)mutex_unlock(&av->mutex);
110 malloc_printerr (check_action, errstr, chunk2mem(p));
112 + mutex_lock(&av->mutex);
115 /* We know that each chunk is at least MINSIZE bytes in size. */
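Review bot: The unlock condition changes to `have_lock || locked`, so the relock after malloc_printerr has to be limited to the `have_lock` case. A caller that passed the lock in expects it held on return, while in the `locked` case this function took the mutex itself and nothing visible releases it afterwards. The page shows `mutex_lock(&av->mutex);` right after the malloc_printerr call, but one added line between them is missing from this listing. If that line is not `if (have_lock)`, the error path can leave av->mutex held and later operations on this arena can block. The label and the statement following the relock are outside the visible lines.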
116 @@ -4073,7 +4085,7 @@
117 prevsize = p->prev_size;
119 p = chunk_at_offset(p, -((long) prevsize));
120 - unlink(p, bck, fwd);
121 + unlink(av, p, bck, fwd);
124 if (nextchunk != av->top) {
125 @@ -4082,7 +4094,7 @@
127 /* consolidate forward */
129 - unlink(nextchunk, bck, fwd);
130 + unlink(av, nextchunk, bck, fwd);
133 clear_inuse_bit_at_offset(nextchunk, 0);
134 @@ -4243,7 +4255,7 @@
135 prevsize = p->prev_size;
137 p = chunk_at_offset(p, -((long) prevsize));
138 - unlink(p, bck, fwd);
139 + unlink(av, p, bck, fwd);
142 if (nextchunk != av->top) {
143 @@ -4251,7 +4263,7 @@
147 - unlink(nextchunk, bck, fwd);
148 + unlink(av, nextchunk, bck, fwd);
150 clear_inuse_bit_at_offset(nextchunk, 0);
152 @@ -4320,7 +4332,9 @@
154 errstr = "realloc(): invalid old size";
156 + mutex_unlock(&av->mutex);
157 malloc_printerr (check_action, errstr, chunk2mem(oldp));
158 + mutex_lock(&av->mutex);
162 @@ -4362,7 +4376,7 @@
163 (unsigned long)(newsize = oldsize + nextsize) >=
164 (unsigned long)(nb)) {
166 - unlink(next, bck, fwd);
167 + unlink(av, next, bck, fwd);
170 /* allocate, copy, free */