|
 |
b40826 |
Index: glibc-2.12-2-gc4ccff1/malloc/arena.c
|
|
|
b40826 |
===================================================================
|
|
|
b40826 |
--- glibc-2.12-2-gc4ccff1.orig/malloc/arena.c
|
|
|
b40826 |
+++ glibc-2.12-2-gc4ccff1/malloc/arena.c
|
|
|
b40826 |
@@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si
|
|
|
b40826 |
heap = prev_heap;
|
|
|
b40826 |
if(!prev_inuse(p)) { /* consolidate backward */
|
|
|
b40826 |
p = prev_chunk(p);
|
|
|
b40826 |
- unlink(p, bck, fwd);
|
|
|
b40826 |
+ unlink(ar_ptr, p, bck, fwd);
|
|
|
b40826 |
}
|
|
|
b40826 |
assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
|
|
|
b40826 |
assert( ((char*)p + new_size) == ((char*)heap + heap->size) );
|
|
|
b40826 |
Index: glibc-2.12-2-gc4ccff1/malloc/hooks.c
|
|
|
b40826 |
===================================================================
|
|
|
b40826 |
--- glibc-2.12-2-gc4ccff1.orig/malloc/hooks.c
|
|
|
b40826 |
+++ glibc-2.12-2-gc4ccff1/malloc/hooks.c
|
|
|
b40826 |
@@ -219,7 +219,9 @@ top_check()
|
|
|
b40826 |
(char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
|
|
|
b40826 |
return 0;
|
|
|
b40826 |
|
|
|
b40826 |
+ mutex_unlock(&main_arena);
|
|
|
b40826 |
malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
|
|
|
b40826 |
+ mutex_lock(&main_arena);
|
|
|
b40826 |
|
|
|
b40826 |
/* Try to set up a new top chunk. */
|
|
|
b40826 |
brk = MORECORE(0);
|
|
|
b40826 |
Index: glibc-2.12-2-gc4ccff1/malloc/malloc.c
|
|
|
b40826 |
===================================================================
|
|
|
b40826 |
--- glibc-2.12-2-gc4ccff1.orig/malloc/malloc.c
|
|
|
b40826 |
+++ glibc-2.12-2-gc4ccff1/malloc/malloc.c
|
|
|
b40826 |
@@ -2109,12 +2109,14 @@ typedef struct malloc_chunk* mbinptr;
|
|
|
b40826 |
#define last(b) ((b)->bk)
|
|
|
b40826 |
|
|
|
b40826 |
/* Take a chunk off a bin list */
|
|
|
b40826 |
-#define unlink(P, BK, FD) { \
|
|
|
b40826 |
+#define unlink(AV, P, BK, FD) { \
|
|
|
b40826 |
FD = P->fd; \
|
|
|
b40826 |
BK = P->bk; \
|
|
|
b40826 |
- if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
|
|
|
b40826 |
+ if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) { \
|
|
|
b40826 |
+ mutex_unlock(&(AV)->mutex); \
|
|
|
b40826 |
malloc_printerr (check_action, "corrupted double-linked list", P); \
|
|
|
b40826 |
- else { \
|
|
|
b40826 |
+ mutex_lock(&(AV)->mutex); \
|
|
|
b40826 |
+ } else { \
|
|
|
b40826 |
FD->bk = BK; \
|
|
|
b40826 |
BK->fd = FD; \
|
|
|
b40826 |
if (!in_smallbin_range (P->size) \
|
|
|
b40826 |
@@ -3257,7 +3259,9 @@ static Void_t* sYSMALLOc(nb, av) INTERNA
|
|
|
b40826 |
|
|
|
b40826 |
else if (contiguous(av) && old_size && brk < old_end) {
|
|
|
b40826 |
/* Oops! Someone else killed our space.. Can't touch anything. */
|
|
|
b40826 |
+ mutex_unlock(&av->mutex);
|
|
|
b40826 |
malloc_printerr (3, "break adjusted to free malloc space", brk);
|
|
|
b40826 |
+ mutex_lock(&av->mutex);
|
|
|
b40826 |
}
|
|
|
b40826 |
|
|
|
b40826 |
/*
|
|
|
b40826 |
@@ -4305,7 +4309,9 @@ _int_malloc(mstate av, size_t bytes)
|
|
|
b40826 |
{
|
|
|
b40826 |
errstr = "malloc(): memory corruption (fast)";
|
|
|
b40826 |
errout:
|
|
|
b40826 |
+ mutex_unlock(&av->mutex);
|
|
|
b40826 |
malloc_printerr (check_action, errstr, chunk2mem (victim));
|
|
|
b40826 |
+ mutex_lock(&av->mutex);
|
|
|
b40826 |
return NULL;
|
|
|
b40826 |
}
|
|
|
b40826 |
#ifndef ATOMIC_FASTBINS
|
|
|
b40826 |
@@ -4393,8 +4399,12 @@ _int_malloc(mstate av, size_t bytes)
|
|
|
b40826 |
bck = victim->bk;
|
|
|
b40826 |
if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
|
|
|
b40826 |
|| __builtin_expect (victim->size > av->system_mem, 0))
|
|
|
b40826 |
- malloc_printerr (check_action, "malloc(): memory corruption",
|
|
|
b40826 |
- chunk2mem (victim));
|
|
|
b40826 |
+ {
|
|
|
b40826 |
+ void *p = chunk2mem(victim);
|
|
|
b40826 |
+ mutex_unlock(&av->mutex);
|
|
|
b40826 |
+ malloc_printerr (check_action, "malloc(): memory corruption", p);
|
|
|
b40826 |
+ mutex_lock(&av->mutex);
|
|
|
b40826 |
+ }
|
|
|
b40826 |
size = chunksize(victim);
|
|
|
b40826 |
|
|
|
b40826 |
/*
|
|
|
b40826 |
@@ -4535,7 +4545,7 @@ _int_malloc(mstate av, size_t bytes)
|
|
|
b40826 |
victim = victim->fd;
|
|
|
b40826 |
|
|
|
b40826 |
remainder_size = size - nb;
|
|
|
b40826 |
- unlink(victim, bck, fwd);
|
|
|
b40826 |
+ unlink(av, victim, bck, fwd);
|
|
|
b40826 |
|
|
|
b40826 |
/* Exhaust */
|
|
|
b40826 |
if (remainder_size < MINSIZE) {
|
|
|
b40826 |
@@ -4633,7 +4643,7 @@ _int_malloc(mstate av, size_t bytes)
|
|
|
b40826 |
remainder_size = size - nb;
|
|
|
b40826 |
|
|
|
b40826 |
/* unlink */
|
|
|
b40826 |
- unlink(victim, bck, fwd);
|
|
|
b40826 |
+ unlink(av, victim, bck, fwd);
|
|
|
b40826 |
|
|
|
b40826 |
/* Exhaust */
|
|
|
b40826 |
if (remainder_size < MINSIZE) {
|
|
|
b40826 |
@@ -4789,10 +4799,14 @@ _int_free(mstate av, mchunkptr p)
|
|
|
b40826 |
errstr = "free(): invalid pointer";
|
|
|
b40826 |
errout:
|
|
|
b40826 |
#ifdef ATOMIC_FASTBINS
|
|
|
b40826 |
- if (! have_lock && locked)
|
|
|
b40826 |
+ if (have_lock || locked)
|
|
|
b40826 |
(void)mutex_unlock(&av->mutex);
|
|
|
b40826 |
#endif
|
|
|
b40826 |
malloc_printerr (check_action, errstr, chunk2mem(p));
|
|
|
b40826 |
+#ifdef ATOMIC_FASTBINS
|
|
|
b40826 |
+ if (have_lock)
|
|
|
b40826 |
+ mutex_lock(&av->mutex);
|
|
|
b40826 |
+#endif
|
|
|
b40826 |
return;
|
|
|
b40826 |
}
|
|
|
b40826 |
/* We know that each chunk is at least MINSIZE bytes in size. */
|
|
|
b40826 |
@@ -4961,7 +4975,7 @@ _int_free(mstate av, mchunkptr p)
|
|
|
b40826 |
prevsize = p->prev_size;
|
|
|
b40826 |
size += prevsize;
|
|
|
b40826 |
p = chunk_at_offset(p, -((long) prevsize));
|
|
|
b40826 |
- unlink(p, bck, fwd);
|
|
|
b40826 |
+ unlink(av, p, bck, fwd);
|
|
|
b40826 |
}
|
|
|
b40826 |
|
|
|
b40826 |
if (nextchunk != av->top) {
|
|
|
b40826 |
@@ -4970,7 +4984,7 @@ _int_free(mstate av, mchunkptr p)
|
|
|
b40826 |
|
|
|
b40826 |
/* consolidate forward */
|
|
|
b40826 |
if (!nextinuse) {
|
|
|
b40826 |
- unlink(nextchunk, bck, fwd);
|
|
|
b40826 |
+ unlink(av, nextchunk, bck, fwd);
|
|
|
b40826 |
size += nextsize;
|
|
|
b40826 |
} else
|
|
|
b40826 |
clear_inuse_bit_at_offset(nextchunk, 0);
|
|
|
b40826 |
@@ -5158,7 +5172,7 @@ static void malloc_consolidate(av) mstat
|
|
|
b40826 |
prevsize = p->prev_size;
|
|
|
b40826 |
size += prevsize;
|
|
|
b40826 |
p = chunk_at_offset(p, -((long) prevsize));
|
|
|
b40826 |
- unlink(p, bck, fwd);
|
|
|
b40826 |
+ unlink(av, p, bck, fwd);
|
|
|
b40826 |
}
|
|
|
b40826 |
|
|
|
b40826 |
if (nextchunk != av->top) {
|
|
|
b40826 |
@@ -5166,7 +5180,7 @@ static void malloc_consolidate(av) mstat
|
|
|
b40826 |
|
|
|
b40826 |
if (!nextinuse) {
|
|
|
b40826 |
size += nextsize;
|
|
|
b40826 |
- unlink(nextchunk, bck, fwd);
|
|
|
b40826 |
+ unlink(av, nextchunk, bck, fwd);
|
|
|
b40826 |
} else
|
|
|
b40826 |
clear_inuse_bit_at_offset(nextchunk, 0);
|
|
|
b40826 |
|
|
|
b40826 |
@@ -5235,7 +5249,9 @@ _int_realloc(mstate av, mchunkptr oldp,
|
|
|
b40826 |
{
|
|
|
b40826 |
errstr = "realloc(): invalid old size";
|
|
|
b40826 |
errout:
|
|
|
b40826 |
+ mutex_unlock(&av->mutex);
|
|
|
b40826 |
malloc_printerr (check_action, errstr, chunk2mem(oldp));
|
|
|
b40826 |
+ mutex_lock(&av->mutex);
|
|
|
b40826 |
return NULL;
|
|
|
b40826 |
}
|
|
|
b40826 |
|
|
|
b40826 |
@@ -5282,7 +5298,7 @@ _int_realloc(mstate av, mchunkptr oldp,
|
|
|
b40826 |
(unsigned long)(newsize = oldsize + nextsize) >=
|
|
|
b40826 |
(unsigned long)(nb)) {
|
|
|
b40826 |
newp = oldp;
|
|
|
b40826 |
- unlink(next, bck, fwd);
|
|
|
b40826 |
+ unlink(av, next, bck, fwd);
|
|
|
b40826 |
}
|
|
|
b40826 |
|
|
|
b40826 |
/* allocate, copy, free */
|