> -----Original Message-----
> From: Lou Amadio [mailto:invalid.nore...@gnu.org]
> Sent: Saturday, February 28, 2009 10:13 AM
> To: Lou Amadio; Joerg Wunsch; Weddington, Eric;
> avr-libc-dev@nongnu.org
> Subject: [bug #25723] Realloc corrupts free list when growing
> into the next free item
>
>
> Follow-up Comment #4, bug #25723 (project avr-libc):
>
> Updated diff
>
> (sorry about the 'blessed' comment - it was originally a blog post,
> attempting to understand the avr-lib checkin and unit testing
> process in order
> to 'bless' the fix)
>
Hi Lou,
Is there any way that you could produce a patch without all the whitespace
changes that you have below? We would only like to change what is necessary.
See the -w switch for diff.
Thanks,
Eric Weddington
> Index: realloc.c
> ===================================================================
> RCS file: /sources/avr-libc/avr-libc/libc/stdlib/realloc.c,v
> retrieving revision 1.4
> diff -u -r1.4 realloc.c
> --- realloc.c 8 Feb 2005 20:34:17 -0000 1.4
> +++ realloc.c 28 Feb 2009 17:10:38 -0000
> @@ -46,21 +46,21 @@
> char *cp, *cp1;
> void *memp;
> size_t s, incr;
> -
> +
> /* Trivial case, required by C standard. */
> if (ptr == 0)
> return malloc(len);
> -
> +
> cp1 = (char *)ptr;
> cp1 -= sizeof(size_t);
> fp1 = (struct __freelist *)cp1;
> -
> +
> cp = (char *)ptr + len; /* new next pointer */
> if (cp < cp1)
> - /* Pointer wrapped across top of RAM, fail. */
> + /* Pointer wrapped across top of RAM, fail. */
> return 0;
> - fp2 = (struct __freelist *)cp;
> -
> + fp2 = (struct __freelist *)(cp - sizeof(size_t));
> +
> /*
> * See whether we are growing or shrinking. When shrinking,
> * we split off a chunk for the released portion, and call
> @@ -79,21 +79,19 @@
> free(&(fp2->nx));
> return ptr;
> }
> -
> +
> /*
> * If we get here, we are growing. First, see whether there
> * is space in the free list on top of our current chunk.
> */
> - incr = len - fp1->sz - sizeof(size_t);
> + incr = len - fp1->sz;
> cp = (char *)ptr + fp1->sz;
> - fp2 = (struct __freelist *)cp;
> for (s = 0, ofp3 = 0, fp3 = __flp;
> - fp3;
> - ofp3 = fp3, fp3 = fp3->nx) {
> + fp3;
> + ofp3 = fp3, fp3 = fp3->nx) {
> if (fp3 == fp2 && fp3->sz >= incr) {
> /* found something that fits */
> - if (incr <= fp3->sz &&
> - incr > fp3->sz - sizeof(struct
> __freelist)) {
> + if (incr <= fp3->sz + sizeof(size_t)) {
> /* it just fits, so use it entirely */
> fp1->sz += fp3->sz + sizeof(size_t);
> if (ofp3)
> @@ -104,7 +102,7 @@
> }
> /* split off a new freelist entry */
> cp = (char *)ptr + len;
> - fp2 = (struct __freelist *)cp;
> + fp2 = (struct __freelist *)(cp -
> sizeof(size_t));
> fp2->nx = fp3->nx;
> fp2->sz = fp3->sz - incr - sizeof(size_t);
> if (ofp3)
> @@ -141,7 +139,7 @@
> /* If that failed, we are out of luck. */
> return 0;
> }
> -
> +
> /*
> * Call malloc() for a new chunk, then copy over the data, and
> * release the old region.
>
>
> _______________________________________________________
>
> Reply to this item at:
>
> <http://savannah.nongnu.org/bugs/?25723>
>
> _______________________________________________
> Message sent via/by Savannah
> http://savannah.nongnu.org/
>
>
_______________________________________________
AVR-libc-dev mailing list
AVR-libc-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
