This is the mail archive of the ecos-patches@sourceware.org mailing list for the eCos project.
Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?
- From: Dave Lawrence <dlawrence at ad-holdings dot co dot uk>
- To: ecos-patches at sources dot redhat dot com
- Date: Tue, 08 Jan 2008 12:02:10 +0000
- Subject: Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?
- References: <c09652430712310515qe60f9den48383d2d6a18a3a7@mail.gmail.com> <fli8qp$p7n$1@ger.gmane.org> <20080106120732.GG3023@lunn.ch> <47835C08.2070508@ad-holdings.co.uk>
In fact it is 2.6.6 that is broken (sorry for the confusion).
This version attempts to extend the block forwards or backwards in
preference to allocating a completely new block. If the increase in
size is less than a factor of two then the resulting copy will overlap.
To give a bit more detail on this, the exact place the problem occurs is
when it decides to extend the block backwards.
Imagine the most basic memcpy implementation:
while (size--)
    *p2++ = *p1++;
This would be safe for going backwards. So would many memcpy
implementations, which is probably why this bug has gone unnoticed for a
while.
Of course, if the block is extended forwards, no data needs to be copied
at all since the start address remains unchanged.
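As an added illustration (not code from this thread or from dlmalloc), the following C program simulates the backward extension described above: the live block is moved down into the free chunk below it, so the copy's source and destination overlap whenever the growth is under a factor of two. The forward byte loop from the mail survives this, a hypothetical memcpy that copies from the end does not, and memmove is the overlap-safe replacement; REGION, OLD_OFF and the copier names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed heap region: the live block starts at OLD_OFF; the bytes below
 * it are a free chunk that realloc may grow into ("extend backwards"). The new
 * block then starts at OLD_OFF - (newsize - oldsize), so the destination of
 * the copy overlaps its source whenever newsize < 2 * oldsize. */
#define REGION  64
#define OLD_OFF 24

typedef void (*copy_fn)(unsigned char *, const unsigned char *, size_t);

/* The naive forward copy from the mail: correct here because dst < src. */
static void copy_forward(unsigned char *dst, const unsigned char *src, size_t n) {
    while (n--) *dst++ = *src++;
}

/* Hypothetical optimised memcpy that copies from the end: legal for memcpy
 * (overlap is undefined behaviour) but corrupts this overlapping move. */
static void copy_backward(unsigned char *dst, const unsigned char *src, size_t n) {
    while (n--) dst[n] = src[n];
}

/* memmove: the overlap-safe replacement for the copy in this situation. */
static void copy_memmove(unsigned char *dst, const unsigned char *src, size_t n) {
    memmove(dst, src, n);
}

/* Grow a block of oldsize bytes to newsize bytes by extending it backwards
 * with the given copier; returns 1 if the payload survived intact. Assumes
 * oldsize <= newsize, newsize - oldsize <= OLD_OFF, OLD_OFF + oldsize <= REGION. */
int extend_backwards_ok(copy_fn copier, size_t oldsize, size_t newsize) {
    unsigned char region[REGION], expected[REGION];
    size_t i, new_off = OLD_OFF - (newsize - oldsize);
    for (i = 0; i < REGION; i++)
        region[i] = (unsigned char)(0xA0 + i);      /* constructed pattern */
    memcpy(expected, region + OLD_OFF, oldsize);    /* what must survive */
    copier(region + new_off, region + OLD_OFF, oldsize);
    return memcmp(region + new_off, expected, oldsize) == 0;
}

int main(void) {
    printf("forward  1.5x ok=%d\n", extend_backwards_ok(copy_forward,  24, 36));
    printf("backward 1.5x ok=%d\n", extend_backwards_ok(copy_backward, 24, 36));
    printf("backward 2.0x ok=%d\n", extend_backwards_ok(copy_backward, 24, 48));
    printf("memmove  1.5x ok=%d\n", extend_backwards_ok(copy_memmove,  24, 36));
    return 0;
}
```

Growing by exactly a factor of two puts the new start just below the old block, so the end-first copier is only wrong in the sub-2x case, matching the condition stated in the mail.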