From: H.J. Lu Date: Mon, 24 Sep 2012 15:58:04 +0000 (-0700) Subject: Properly handle fencepost with MALLOC_ALIGN_MASK X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbe53ed2c311b7281837b6f3f24ddeb8f3d65697;p=thirdparty%2Fglibc.git Properly handle fencepost with MALLOC_ALIGN_MASK Cherry-pick commit ced6f16ee919d12725840d43d007f1cfd67118df. Conflicts: ChangeLog NEWS
---
diff --git a/ChangeLog b/ChangeLog
index 5e818a9f4ca..967ab9b2b5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-09-24 H.J. Lu
+
+ [BZ #14562]
+ * malloc/arena.c (heap_trim): Properly get fencepost and adjust
+ new chunk size with MALLOC_ALIGN_MASK.
+
 2012-08-29 H.J. Lu
 [BZ #14476]
diff --git a/NEWS b/NEWS
index ecb93507d46..4b10c01df12 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.16.1
 * The following bugs are resolved with this release:
- 14195, 14459, 14476
+ 14195, 14459, 14476, 14562
 Version 2.16
diff --git a/malloc/arena.c b/malloc/arena.c
index 33c4ff37a75..71a0dee6399 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -652,15 +652,19 @@ heap_trim(heap_info *heap, size_t pad)
 unsigned long pagesz = GLRO(dl_pagesize);
 mchunkptr top_chunk = top(ar_ptr), p, bck, fwd;
 heap_info *prev_heap;
- long new_size, top_size, extra;
+ long new_size, top_size, extra, prev_size, misalign;
 /* Can this heap go away completely? */
 while(top_chunk == chunk_at_offset(heap, sizeof(*heap))) {
 prev_heap = heap->prev;
- p = chunk_at_offset(prev_heap, prev_heap->size - (MINSIZE-2*SIZE_SZ));
+ prev_size = prev_heap->size - (MINSIZE-2*SIZE_SZ);
+ p = chunk_at_offset(prev_heap, prev_size);
+ /* fencepost must be properly aligned. */
+ misalign = ((long) p) & MALLOC_ALIGN_MASK;
+ p = chunk_at_offset(prev_heap, prev_size - misalign);
 assert(p->size == (0|PREV_INUSE)); /* must be fencepost */
 p = prev_chunk(p);
- new_size = chunksize(p) + (MINSIZE-2*SIZE_SZ);
+ new_size = chunksize(p) + (MINSIZE-2*SIZE_SZ) + misalign;
 assert(new_size>0 && new_size<(long)(2*MINSIZE));
 if(!prev_inuse(p)) new_size += p->prev_size;