From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26776 invoked by alias); 10 Sep 2004 19:49:52 -0000 Mailing-List: contact libc-hacker-help@sources.redhat.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-hacker-owner@sources.redhat.com Received: (qmail 26749 invoked from network); 10 Sep 2004 19:49:50 -0000 Received: from unknown (HELO sunsite.ms.mff.cuni.cz) (195.113.15.26) by sourceware.org with SMTP; 10 Sep 2004 19:49:50 -0000 Received: from sunsite.ms.mff.cuni.cz (sunsite.mff.cuni.cz [127.0.0.1]) by sunsite.ms.mff.cuni.cz (8.12.8/8.12.8) with ESMTP id i8AJnk3j016081; Fri, 10 Sep 2004 21:49:46 +0200 Received: (from jakub@localhost) by sunsite.ms.mff.cuni.cz (8.12.8/8.12.8/Submit) id i8AJnkJD016079; Fri, 10 Sep 2004 21:49:46 +0200 Date: Fri, 10 Sep 2004 19:49:00 -0000 From: Jakub Jelinek To: Ulrich Drepper Cc: Glibc hackers Subject: [PATCH] Fix malloc double free check Message-ID: <20040910194946.GZ30497@sunsite.ms.mff.cuni.cz> Reply-To: Jakub Jelinek Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i X-SW-Source: 2004-09/txt/msg00044.txt.bz2 Hi! This patch fixes glibc build on ia64. 2004-09-10 Jakub Jelinek * malloc/malloc.c (_int_free): Only do arena boundary check for contiguous arenas. --- libc/malloc/malloc.c 10 Sep 2004 10:30:43 -0000 +++ libc/malloc/malloc.c 10 Sep 2004 11:13:24 -0000 @@ -4229,8 +4229,9 @@ _int_free(mstate av, Void_t* mem) if (__builtin_expect (p == av->top, 0)) goto double_free; /* Or whether the next chunk is beyond the boundaries of the arena. */ - if (__builtin_expect ((char *) nextchunk >= ((char *) av->top - + chunksize(av->top)), 0)) + if (__builtin_expect (contiguous (av) + && (char *) nextchunk + >= ((char *) av->top + chunksize(av->top)), 0)) goto double_free; /* Or whether the block is actually not marked used. */ if (__builtin_expect (!prev_inuse(nextchunk), 0)) Jakub