Follow-up Comment #5, bug #25723 (project avr-libc):

Index: realloc.c
===================================================================
RCS file: /sources/avr-libc/avr-libc/libc/stdlib/realloc.c,v
retrieving revision 1.4
diff -u -w -r1.4 realloc.c
--- realloc.c 8 Feb 2005 20:34:17 -0000 1.4
+++ realloc.c 28 Feb 2009 17:46:05 -0000
@@ -59,7 +59,7 @@
 if (cp < cp1)
 /* Pointer wrapped across top of RAM, fail. */
 return 0;
- fp2 = (struct __freelist *)cp;
+ fp2 = (struct __freelist *)(cp - sizeof(size_t));

 /*
 * See whether we are growing or shrinking. When shrinking,
@@ -84,16 +84,14 @@
 * If we get here, we are growing. First, see whether there
 * is space in the free list on top of our current chunk.
 */
- incr = len - fp1->sz - sizeof(size_t);
+ incr = len - fp1->sz;
 cp = (char *)ptr + fp1->sz;
- fp2 = (struct __freelist *)cp;
 for (s = 0, ofp3 = 0, fp3 = __flp;
 fp3;
 ofp3 = fp3, fp3 = fp3->nx) {
 if (fp3 == fp2 && fp3->sz >= incr) {
 /* found something that fits */
- if (incr <= fp3->sz &&
- incr > fp3->sz - sizeof(struct __freelist)) {
+ if (incr <= fp3->sz + sizeof(size_t)) {
 /* it just fits, so use it entirely */
 fp1->sz += fp3->sz + sizeof(size_t);
 if (ofp3)
@@ -104,7 +102,7 @@
 }
 /* split off a new freelist entry */
 cp = (char *)ptr + len;
- fp2 = (struct __freelist *)cp;
+ fp2 = (struct __freelist *)(cp - sizeof(size_t));
 fp2->nx = fp3->nx;
 fp2->sz = fp3->sz - incr - sizeof(size_t);
 if (ofp3)
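Review bot: In the hunk at `@@ -59,7 +59,7 @@`, `fp2 = (struct __freelist *)(cp - sizeof(size_t));` starts the free-list header sizeof(size_t) bytes before `cp`; if `cp` is `(char *)ptr + len` there, as it visibly is in the hunk at `@@ -104,7 +102,7 @@` which makes the same change, the header overlaps the last bytes of the `len`-byte region that realloc returns to the caller. In the later hunk the stores through `fp2` then land partly inside caller-owned memory, and any later write by the caller to the tail of its buffer would rewrite allocator metadata. I would keep `fp2 = (struct __freelist *)cp;` in both places and correct the size arithmetic instead, so the split-off header begins at the first byte past the caller's data. The assignment of `cp` and the shrinking branch that consumes `fp2` lie outside this hunk, so that part is inferred.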
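Review bot: In the hunk at `@@ -84,16 +84,14 @@`, dropping `fp2 = (struct __freelist *)cp;` after `cp = (char *)ptr + fp1->sz;` leaves the `fp3 == fp2` test comparing against the value assigned in the earlier hunk rather than the address just past the current chunk, so the loop is unlikely to find the adjacent free block (or may match an unrelated one), and the `cp` assignment becomes a dead store. I would restore the removed line. Separately, the new inner test `if (incr <= fp3->sz + sizeof(size_t))` is already implied by the outer `fp3->sz >= incr` unless the addition wraps, so the "just fits" branch is always taken and the split path below it becomes unreachable; the test should instead check whether the remainder of the free block is too small to hold a `struct __freelist`. The loop body continues past the end of the hunk.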