1 Index: glibc-2.12-2-gc4ccff1/malloc/arena.c
2 ===================================================================
3 --- glibc-2.12-2-gc4ccff1.orig/malloc/arena.c
4 +++ glibc-2.12-2-gc4ccff1/malloc/arena.c
5 @@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si
7 if(!prev_inuse(p)) { /* consolidate backward */
10 + unlink(ar_ptr, p, bck, fwd);
12 assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
13 assert( ((char*)p + new_size) == ((char*)heap + heap->size) );
14 Index: glibc-2.12-2-gc4ccff1/malloc/hooks.c
15 ===================================================================
16 --- glibc-2.12-2-gc4ccff1.orig/malloc/hooks.c
17 +++ glibc-2.12-2-gc4ccff1/malloc/hooks.c
18 @@ -219,7 +219,9 @@ top_check()
19 (char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
22 + mutex_unlock(&main_arena);
23 malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
24 + mutex_lock(&main_arena);
26 /* Try to set up a new top chunk. */
28 Index: glibc-2.12-2-gc4ccff1/malloc/malloc.c
29 ===================================================================
30 --- glibc-2.12-2-gc4ccff1.orig/malloc/malloc.c
31 +++ glibc-2.12-2-gc4ccff1/malloc/malloc.c
32 @@ -2109,12 +2109,14 @@ typedef struct malloc_chunk* mbinptr;
33 #define last(b) ((b)->bk)
35 /* Take a chunk off a bin list */
36 -#define unlink(P, BK, FD) { \
37 +#define unlink(AV, P, BK, FD) { \
40 - if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
41 + if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) { \
42 + mutex_unlock(&(AV)->mutex); \
43 malloc_printerr (check_action, "corrupted double-linked list", P); \
45 + mutex_lock(&(AV)->mutex); \
49 if (!in_smallbin_range (P->size) \
50 @@ -3257,7 +3259,9 @@ static Void_t* sYSMALLOc(nb, av) INTERNA
52 else if (contiguous(av) && old_size && brk < old_end) {
53 /* Oops! Someone else killed our space.. Can't touch anything. */
54 + mutex_unlock(&av->mutex);
55 malloc_printerr (3, "break adjusted to free malloc space", brk);
56 + mutex_lock(&av->mutex);
60 @@ -4305,7 +4309,9 @@ _int_malloc(mstate av, size_t bytes)
62 errstr = "malloc(): memory corruption (fast)";
64 + mutex_unlock(&av->mutex);
65 malloc_printerr (check_action, errstr, chunk2mem (victim));
66 + mutex_lock(&av->mutex);
69 #ifndef ATOMIC_FASTBINS
70 @@ -4393,8 +4399,12 @@ _int_malloc(mstate av, size_t bytes)
72 if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
73 || __builtin_expect (victim->size > av->system_mem, 0))
74 - malloc_printerr (check_action, "malloc(): memory corruption",
75 - chunk2mem (victim));
77 + void *p = chunk2mem(victim);
78 + mutex_unlock(&av->mutex);
79 + malloc_printerr (check_action, "malloc(): memory corruption", p);
80 + mutex_lock(&av->mutex);
82 size = chunksize(victim);
85 @@ -4535,7 +4545,7 @@ _int_malloc(mstate av, size_t bytes)
88 remainder_size = size - nb;
89 - unlink(victim, bck, fwd);
90 + unlink(av, victim, bck, fwd);
93 if (remainder_size < MINSIZE) {
94 @@ -4633,7 +4643,7 @@ _int_malloc(mstate av, size_t bytes)
95 remainder_size = size - nb;
98 - unlink(victim, bck, fwd);
99 + unlink(av, victim, bck, fwd);
102 if (remainder_size < MINSIZE) {
103 @@ -4789,10 +4799,14 @@ _int_free(mstate av, mchunkptr p)
104 errstr = "free(): invalid pointer";
106 #ifdef ATOMIC_FASTBINS
107 - if (! have_lock && locked)
108 + if (have_lock || locked)
109 (void)mutex_unlock(&av->mutex);
111 malloc_printerr (check_action, errstr, chunk2mem(p));
112 +#ifdef ATOMIC_FASTBINS
114 + mutex_lock(&av->mutex);
118 /* We know that each chunk is at least MINSIZE bytes in size. */
119 @@ -4961,7 +4975,7 @@ _int_free(mstate av, mchunkptr p)
120 prevsize = p->prev_size;
122 p = chunk_at_offset(p, -((long) prevsize));
123 - unlink(p, bck, fwd);
124 + unlink(av, p, bck, fwd);
127 if (nextchunk != av->top) {
128 @@ -4970,7 +4984,7 @@ _int_free(mstate av, mchunkptr p)
130 /* consolidate forward */
132 - unlink(nextchunk, bck, fwd);
133 + unlink(av, nextchunk, bck, fwd);
136 clear_inuse_bit_at_offset(nextchunk, 0);
137 @@ -5158,7 +5172,7 @@ static void malloc_consolidate(av) mstat
138 prevsize = p->prev_size;
140 p = chunk_at_offset(p, -((long) prevsize));
141 - unlink(p, bck, fwd);
142 + unlink(av, p, bck, fwd);
145 if (nextchunk != av->top) {
146 @@ -5166,7 +5180,7 @@ static void malloc_consolidate(av) mstat
150 - unlink(nextchunk, bck, fwd);
151 + unlink(av, nextchunk, bck, fwd);
153 clear_inuse_bit_at_offset(nextchunk, 0);
155 @@ -5235,7 +5249,9 @@ _int_realloc(mstate av, mchunkptr oldp,
157 errstr = "realloc(): invalid old size";
159 + mutex_unlock(&av->mutex);
160 malloc_printerr (check_action, errstr, chunk2mem(oldp));
161 + mutex_lock(&av->mutex);
165 @@ -5282,7 +5298,7 @@ _int_realloc(mstate av, mchunkptr oldp,
166 (unsigned long)(newsize = oldsize + nextsize) >=
167 (unsigned long)(nb)) {
169 - unlink(next, bck, fwd);
170 + unlink(av, next, bck, fwd);
173 /* allocate, copy, free */