From 62536afb90ebb3d7421485c018abd90ba72b919c Mon Sep 17 00:00:00 2001

From: "Barton E. Schaefer" <schaefer@zsh.org>

Date: Sat, 18 Jan 2014 21:22:11 -0800

Subject: [PATCH 1/2] 32285: restart the fheap search in freeheap if the

 current fheap arena is about to be discarded; fixes crash

Upstream-commit: 23f98c3e1d4792e32c616e1f73c383988bd86a9c

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 Src/mem.c | 9 +++++++++

 1 file changed, 9 insertions(+)

diff --git a/Src/mem.c b/Src/mem.c

index aeca3d9..eb5a091 100644

--- a/Src/mem.c

+++ b/Src/mem.c

@@ -367,6 +367,15 @@ freeheap(void)

 	    }

 #endif

 	} else {

+	    if (h == fheap && h != heaps) {

+		/*

+		 * When deallocating the last arena with free space,

+		 * loop back through the list to find another one.

+		 */

+		fheap = NULL;

+		hn = heaps;

+		continue;

+	    }

 #ifdef USE_MMAP

 	    munmap((void *) h, h->size);

 #else

-- 

2.13.5

From d968fe1061acabd72465a276c2de060f0f8bb668 Mon Sep 17 00:00:00 2001

From: "Barton E. Schaefer" <schaefer@zsh.org>

Date: Wed, 22 Jan 2014 21:47:29 -0800

Subject: [PATCH 2/2] unposted: reformulate 32285 to lift the fheap->sp test

 out of the loop, improve commentary

Upstream-commit: 6c603a412751c810ba04bcd463cd3595091ca391

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 Src/mem.c | 24 +++++++++---------------

 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/Src/mem.c b/Src/mem.c

index eb5a091..3a7e31d 100644

--- a/Src/mem.c

+++ b/Src/mem.c

@@ -319,23 +319,26 @@ freeheap(void)

     h_free++;

 #endif

-    /* At this point we used to do:

-    fheap = NULL;

-     *

+    /*

      * When pushheap() is called, it sweeps over the entire heaps list of

      * arenas and marks every one of them with the amount of free space in

      * that arena at that moment.  zhalloc() is then allowed to grab bits

      * out of any of those arenas that have free space.

      *

-     * With the above reset of fheap, the loop below sweeps back over the

+     * Whenever fheap is NULL here, the loop below sweeps back over the

      * entire heap list again, resetting the free space in every arena to

      * the amount stashed by pushheap() and finding the first arena with

      * free space to optimize zhalloc()'s next search.  When there's a lot

      * of stuff already on the heap, this is an enormous amount of work,

      * and performance goes to hell.

      *

-     * However, there doesn't seem to be any reason to reset fheap before

-     * beginning this loop.  Either it's already correct, or it has never

+     * However, if the arena to which fheap points is unused, we want to

+     * free it, so we have no choice but to do the sweep for a new fheap.

+     */

+    if (fheap && !fheap->sp)

+	fheap = NULL;	/* We used to do this unconditionally */

+    /*

+     * In other cases, either fheap is already correct, or it has never

      * been set and this loop will do it, or it'll be reset from scratch

      * on the next popheap().  So all that's needed here is to pick up

      * the scan wherever the last pass [or the last popheap()] left off.

@@ -367,15 +370,6 @@ freeheap(void)

 	    }

 #endif

 	} else {

-	    if (h == fheap && h != heaps) {

-		/*

-		 * When deallocating the last arena with free space,

-		 * loop back through the list to find another one.

-		 */

-		fheap = NULL;

-		hn = heaps;

-		continue;

-	    }

 #ifdef USE_MMAP

 	    munmap((void *) h, h->size);

 #else

-- 

2.13.5