Fix bug in emergency cxa pool free

This probably has never actually affected anyone in practice. The normal
ABI implementation just uses malloc and only falls back to the pool on
malloc failure. But if that happens a bunch of times the freelist gets out
of order which violates some of the invariants of the freelist (as well as
the comments that follow the bug). The bug is just a comparison reversal
when traversing the freelist in the case where the pointer being returned
to the pool is after the existing freelist.

libstdc++-v3/
	* libsupc++/eh_alloc.cc (pool::free): Inverse comparison.

diff --git a/libstdc++-v3/libsupc++/eh_alloc.cc b/libstdc++-v3/libsupc++/eh_alloc.cc
index c85b9aed40b5785a138e6c22e70fc27089466eef..68f319869f9b42cadcf8559801639b467d5d864f 100644 (file)
--- a/libstdc++-v3/libsupc++/eh_alloc.cc
+++ b/libstdc++-v3/libsupc++/eh_alloc.cc
@@ -224,8 +224,8 @@ namespace
          free_entry **fe;
          for (fe = &first_free_entry;
               (*fe)->next
-              && (reinterpret_cast <char *> ((*fe)->next)
-                  > reinterpret_cast <char *> (e) + sz);
+              && (reinterpret_cast <char *> (e) + sz
+                  > reinterpret_cast <char *> ((*fe)->next));
               fe = &(*fe)->next)
            ;
          // If we can merge the next block into us do so and continue