[avr-libc-dev] [bug #25723] Realloc corrupts free list when growing into
From: Lou Amadio
Subject: [avr-libc-dev] [bug #25723] Realloc corrupts free list when growing into the next free item
Date: Sat, 28 Feb 2009 17:47:10 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16
Follow-up Comment #5, bug #25723 (project avr-libc):
Index: realloc.c
===================================================================
RCS file: /sources/avr-libc/avr-libc/libc/stdlib/realloc.c,v
retrieving revision 1.4
diff -u -w -r1.4 realloc.c
--- realloc.c 8 Feb 2005 20:34:17 -0000 1.4
+++ realloc.c 28 Feb 2009 17:46:05 -0000
@@ -59,7 +59,7 @@
if (cp < cp1)
/* Pointer wrapped across top of RAM, fail. */
return 0;
- fp2 = (struct __freelist *)cp;
+ fp2 = (struct __freelist *)(cp - sizeof(size_t));
/*
* See whether we are growing or shrinking. When shrinking,
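Review bot: The new `fp2 = (struct __freelist *)(cp - sizeof(size_t));` has no comment explaining the offset, and the wrap check on the context lines above it (`if (cp < cp1)`) still validates `cp`, not the pointer that is actually stored. Please add a comment stating which boundary `fp2` now marks and why it sits `sizeof(size_t)` below `cp`. Please also confirm that a small request cannot place `cp - sizeof(size_t)` below the start of the current chunk, since nothing visible in this hunk bounds it from below.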
@@ -84,16 +84,14 @@
* If we get here, we are growing. First, see whether there
* is space in the free list on top of our current chunk.
*/
- incr = len - fp1->sz - sizeof(size_t);
+ incr = len - fp1->sz;
cp = (char *)ptr + fp1->sz;
- fp2 = (struct __freelist *)cp;
for (s = 0, ofp3 = 0, fp3 = __flp;
fp3;
ofp3 = fp3, fp3 = fp3->nx) {
if (fp3 == fp2 && fp3->sz >= incr) {
/* found something that fits */
- if (incr <= fp3->sz &&
- incr > fp3->sz - sizeof(struct __freelist)) {
+ if (incr <= fp3->sz + sizeof(size_t)) {
/* it just fits, so use it entirely */
fp1->sz += fp3->sz + sizeof(size_t);
if (ofp3)
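Review bot: The rewritten inner test `if (incr <= fp3->sz + sizeof(size_t))` cannot be false at this point, because the enclosing condition already requires `fp3->sz >= incr`. Every match therefore takes the "use it entirely" branch, and the split path in the following hunk looks unreachable. If the intent is to absorb the whole entry only when the remainder is too small to hold a free-list header, the comparison needs to test the remainder (`fp3->sz - incr`) against a minimum size instead. Separately, this hunk drops `fp2 = (struct __freelist *)cp;` but keeps `cp = (char *)ptr + fp1->sz;` and the loop still matches on `fp3 == fp2`. `fp2` now carries the value set in the hunk at line 59, so please confirm it still identifies the chunk immediately above the current one, and remove the `cp` assignment if it is no longer used.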
@@ -104,7 +102,7 @@
}
/* split off a new freelist entry */
cp = (char *)ptr + len;
- fp2 = (struct __freelist *)cp;
+ fp2 = (struct __freelist *)(cp - sizeof(size_t));
fp2->nx = fp3->nx;
fp2->sz = fp3->sz - incr - sizeof(size_t);
if (ofp3)
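Review bot: With `cp = (char *)ptr + len;` on the line above, the new `fp2 = (struct __freelist *)(cp - sizeof(size_t));` starts the split-off entry `sizeof(size_t)` bytes below `ptr + len`, so the writes to `fp2->nx` and `fp2->sz` appear to land partly inside the `len` bytes being returned to the caller. Please document the layout assumption that makes this safe, or place the header at or above `ptr + len`. The context line `fp2->sz = fp3->sz - incr - sizeof(size_t);` also needs rechecking now that `incr` no longer subtracts `sizeof(size_t)`: the header position moved down while `incr` grew by the same amount, and the unsigned subtraction wraps if `fp3->sz - incr` is smaller than `sizeof(size_t)`, which the guard in the previous hunk must rule out.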
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?25723>