This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug malloc/13576] Free chunk in malloc may have incorrect size


http://sourceware.org/bugzilla/show_bug.cgi?id=13576

H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW
            Version|2.15                        |unspecified

--- Comment #4 from H.J. Lu <hjl.tools at gmail dot com> 2012-05-24 19:20:31 UTC ---
This bug caused some test failures in one of the nss packages on Linux/x32.
When sysmalloc frees old top chunk, it should make sure that the size of
the returned chunk is a multiple of MALLOC_ALIGNMENT, just like several
lines below:

          /*
             Shrink old_top to insert fenceposts, keeping size a
             multiple of MALLOC_ALIGNMENT. We know there is at least
             enough space in old_top to do this.
          */
          old_size = (old_size - 4*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
          set_head(old_top, old_size | PREV_INUSE);

If the returned chunk doesn't have a multiple of MALLOC_ALIGNMENT in
size, it will fail this check:

  /* We know that each chunk is at least MINSIZE bytes in size of a
     multiple of MALLOC_ALIGNMENT.  */
  if (__builtin_expect (size < MINSIZE
                        || (size & MALLOC_ALIGN_MASK) != 0, 0))
    {
      errstr = "free(): invalid size";
      goto errout;
    }

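The interaction between the two excerpts in the comment above, as an added example that is not glibc code and not part of the original message. The constants are assumptions for an x32-like configuration (4-byte SIZE_SZ, 16-byte MALLOC_ALIGNMENT, MINSIZE of 16), and `shrink_unmasked` is a hypothetical helper that models shrinking the old top chunk without the alignment mask.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed x32-like parameters (not stated on the page). */
#define SIZE_SZ            4u
#define MALLOC_ALIGNMENT   16u
#define MALLOC_ALIGN_MASK  (MALLOC_ALIGNMENT - 1)
#define MINSIZE            16u

/* Model of the quoted free() check: returns 1 if the size is accepted,
   0 where the real code would report "free(): invalid size". */
int free_size_ok(size_t size)
{
    return !(size < MINSIZE || (size & MALLOC_ALIGN_MASK) != 0);
}

/* Fencepost shrink as quoted: the mask rounds the result down to a
   multiple of MALLOC_ALIGNMENT. */
size_t shrink_aligned(size_t old_size)
{
    return (old_size - 4 * SIZE_SZ) & ~(size_t)MALLOC_ALIGN_MASK;
}

/* Hypothetical shrink without the mask. With SIZE_SZ == 4 a size can be
   a multiple of 2*SIZE_SZ (8) without being a multiple of 16. */
size_t shrink_unmasked(size_t old_size)
{
    return old_size - 4 * SIZE_SZ;
}

int main(void)
{
    /* Constructed sample sizes, all multiples of 8. */
    size_t samples[] = { 0x18, 0x48, 0x50, 0x1008 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t u = shrink_unmasked(samples[i]);
        size_t a = shrink_aligned(samples[i]);
        printf("old_size=%#zx unmasked=%#zx (%s) masked=%#zx (%s)\n",
               samples[i],
               u, free_size_ok(u) ? "ok" : "invalid size",
               a, free_size_ok(a) ? "ok" : "invalid size");
    }
    return 0;
}
```

The 0x18 sample shows that masking alone does not guarantee a chunk that can be freed: the rounded size still has to reach MINSIZE.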

