This is the mail archive of the ecos-patches@sourceware.org mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?

From: Dave Lawrence <dlawrence at ad-holdings dot co dot uk>
To: ecos-patches at sources dot redhat dot com
Date: Tue, 08 Jan 2008 12:02:10 +0000
Subject: Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?
References: <c09652430712310515qe60f9den48383d2d6a18a3a7@mail.gmail.com> <fli8qp$p7n$1@ger.gmane.org> <20080106120732.GG3023@lunn.ch> <47835C08.2070508@ad-holdings.co.uk>

Infact it is 2.6.6 that is broken (sorry for the confusion).

This version attempts to extend the block forwards or backwards in preference to allocating a completely new block. If the increase in size is less then a factor of two then the resulting copy will overlap.

To give a bit more detail on this, the exact place the problem occurs when it decides to extend the block backwards.

Imagine the most basic memcpy implementation:
 while (size --)
   *p2 ++ = * p1 ++;

This would be safe for going backwards. So would many memcpy implementations which is probably why this bug has gone unnoticed for a while.

Of course, if the block is extended forwards, no data needs to be copied at all since the start address remains unchanged.

References:
- Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?
  - From: Andrew Lunn
- Re: [ECOS] Re: dlmalloc-2.6.4.c MALLOC_COPY broken?
  - From: Dave Lawrence

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]