From: Keef Aragon Date: Wed, 17 Aug 2022 06:45:15 +0000 (+0200) Subject: Fix bug in emergency cxa pool free X-Git-Tag: basepoints/gcc-14~5121 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5bc2042df437cd8aeebcdf5bbb858678e3733ca4;p=thirdparty%2Fgcc.git Fix bug in emergency cxa pool free This probably has never actually affected anyone in practice. The normal ABI implementation just uses malloc and only falls back to the pool on malloc failure. But if that happens a bunch of times the freelist gets out of order which violates some of the invariants of the freelist (as well as the comments that follow the bug). The bug is just a comparison reversal when traversing the freelist in the case where the pointer being returned to the pool is after the existing freelist. libstdc++-v3/ * libsupc++/eh_alloc.cc (pool::free): Inverse comparison. --- diff --git a/libstdc++-v3/libsupc++/eh_alloc.cc b/libstdc++-v3/libsupc++/eh_alloc.cc index c85b9aed40b..68f319869f9 100644 --- a/libstdc++-v3/libsupc++/eh_alloc.cc +++ b/libstdc++-v3/libsupc++/eh_alloc.cc @@ -224,8 +224,8 @@ namespace free_entry **fe; for (fe = &first_free_entry; (*fe)->next - && (reinterpret_cast ((*fe)->next) - > reinterpret_cast (e) + sz); + && (reinterpret_cast (e) + sz + > reinterpret_cast ((*fe)->next)); fe = &(*fe)->next) ; // If we can merge the next block into us do so and continue
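Review bot: the reversed comparison in the `for` condition of `pool::free` arrives without a regression test, and the diff touches only eh_alloc.cc, so nothing stops the ordering bug from coming back. The commit message says the freelist goes out of order when the pointer being returned lies after the existing freelist. A test that frees emergency-pool blocks in that order and then checks that the list is still ordered and merged would pin the behaviour. The new condition `(reinterpret_cast (e) + sz > reinterpret_cast ((*fe)->next))` uses a strict `>`, so the walk stops when `e + sz` equals `(*fe)->next`. That looks right for the "If we can merge the next block into us" case that follows the loop, but a short comment on the loop stating the ordering invariant and why the comparison is strict would make a future reversal easier to catch in review.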