The mmalloca function used to implement malloca accesses a static global array without synchronization:

#define HASH_TABLE_SIZE 257
static void * mmalloca_results[HASH_TABLE_SIZE];
…
mmalloca (size_t n)
{
…
    /* Enter p into the hash table.  */
          slot = (uintptr_t) p % HASH_TABLE_SIZE;
          h->next = mmalloca_results[slot];
          mmalloca_results[slot] = p;

freea also causes valgrind warnings because it contains an out-of-bounds access. This is very undesirable because it will cause programmers to miss real bugs.

This code has been copied into libunistring and results in a thread safety hazard there.

Thanks,
Florian
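
Added example, not part of the original message and not gnulib code: a single-threaded replay of the interleaving that the unsynchronized insertion above allows, next to a compare-and-swap variant of the same insertion. The names struct header, plain_results, atomic_results, replay_plain and replay_cas are hypothetical, and both entries are assumed to hash to slot 0.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

#define HASH_TABLE_SIZE 257
struct header { struct header *next; };  /* hypothetical stand-in for the block header */

static struct header *plain_results[HASH_TABLE_SIZE];            /* as in the excerpt */
static _Atomic(struct header *) atomic_results[HASH_TABLE_SIZE]; /* assumed variant */

static size_t chain_length (struct header *h)
{
  size_t n = 0;
  for (; h != NULL; h = h->next) n++;
  return n;
}

/* Threads A and B both read the bucket head before either one stores to it. */
size_t replay_plain (void)
{
  static struct header a, b;
  plain_results[0] = NULL;
  a.next = plain_results[0];   /* A: h->next = mmalloca_results[slot] */
  b.next = plain_results[0];   /* B: same read, before A's store */
  plain_results[0] = &a;       /* A: mmalloca_results[slot] = p */
  plain_results[0] = &b;       /* B: overwrites the head, A's entry is unlinked */
  return chain_length (plain_results[0]);
}

/* Same interleaving, but the head is only replaced if it is still the value read. */
size_t replay_cas (void)
{
  static struct header a, b;
  atomic_store (&atomic_results[0], NULL);
  struct header *seen_a = atomic_load (&atomic_results[0]);   /* A reads head */
  struct header *seen_b = atomic_load (&atomic_results[0]);   /* B reads head */
  a.next = seen_a;
  (void) atomic_compare_exchange_strong (&atomic_results[0], &seen_a, &a); /* A wins */
  b.next = seen_b;
  while (!atomic_compare_exchange_strong (&atomic_results[0], &seen_b, &b))
    b.next = seen_b;           /* stale head rejected; seen_b now holds the current head */
  return chain_length (atomic_load (&atomic_results[0]));
}

int main (void)
{
  printf ("plain: %zu entries, cas: %zu entries\n", replay_plain (), replay_cas ());
  return 0;
}
```

The compare-and-swap variant covers insertion only; removing an entry from the chain is not shown and needs its own synchronization, for which a mutex around both operations is the simpler choice.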
