This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug malloc/13576] Free chunk in malloc may have incorrect size
- From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Thu, 24 May 2012 19:20:31 +0000
- Subject: [Bug malloc/13576] Free chunk in malloc may have incorrect size
- Auto-submitted: auto-generated
- References: <bug-13576-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13576
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |NEW
Version|2.15 |unspecified
--- Comment #4 from H.J. Lu <hjl.tools at gmail dot com> 2012-05-24 19:20:31 UTC ---
This bug caused some test failures in one of nss packages on Linux/x32.
When sysmalloc frees old top chunk, it should make sure that the size of
the returned chunk is a multiple of MALLOC_ALIGNMENT, just like several
lines below:
/*
Shrink old_top to insert fenceposts, keeping size a
multiple of MALLOC_ALIGNMENT. We know there is at least
enough space in old_top to do this.
*/
old_size = (old_size - 4*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
set_head(old_top, old_size | PREV_INUSE);
If the returned chunk doesn't have a multiple of MALLOC_ALIGNMEN in
size, it will fail this check:
/* We know that each chunk is at least MINSIZE bytes in size of a
multiple of MALLOC_ALIGNMENT. */
if (__builtin_expect (size < MINSIZE
|| (size & MALLOC_ALIGN_MASK) != 0, 0))
{
errstr = "free(): invalid size";
goto errout;
}
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.