On 2017 Jul 07 (Fri) at 08:52:42 +0200 (+0200), Otto Moerbeek wrote:
:I think I found it: requested size is not recorded for malloc(0),
:bp->offset is not initialized in that case. Other code is careful not to
:use ->offset for size == 0.
:OA
: -Otto
:
:Index: malloc.c
:===================================================================
:RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
:retrieving revision 1.226
:diff -u -p -r1.226 malloc.c
:--- malloc.c 19 Jun 2017 03:06:26 -0000 1.226
:+++ malloc.c 7 Jul 2017 06:51:30 -0000
:@@ -1013,7 +1013,7 @@ malloc_bytes(struct dir_info *d, size_t
: /* Adjust to the real offset of that chunk */
: k += (lp - bp->bits) * MALLOC_BITS;
:
:- if (mopts.chunk_canaries)
:+ if (mopts.chunk_canaries && size > 0)
: bp->bits[bp->offset + k] = size;
:
: k <<= bp->shift;
:
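Review bot: the new `size > 0` test on the `mopts.chunk_canaries` condition carries no comment explaining why zero-size requests are skipped, so a later cleanup could drop it as redundant. A short comment above the `if`, stating that `bp->offset` is not set up for malloc(0) chunks and must not be used as an index into `bp->bits` there, would keep the reason next to the code. Since the description says other code already avoids `->offset` for size == 0, it is also worth confirming that every remaining use of `bp->offset` behind `chunk_canaries` has an equivalent guard, because this store was the one place that lacked it.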
OK
--
The identical is equal to itself, since it is different.
-- Franco Spisani