sources-request@mirror.UUCP (08/11/86)
Submitted by: cca!astrovax!wls (William L. Sebok) Mod.sources: Volume 6, Issue 100 Archive-name: malloc.patch My recent malloc posting [Volume 6, #54 --r$] has a bug in the realloc routine. If the area of memory is to be expanded in size and if it sits adjacent to the "break" then the area is expanded by moving the break. Unfortunately, in this case I forgot to mark the area of memory as Busy and take it off the Free queues. Horrible things may then happen if a latter malloc grabs this memory hunk. Thanks to elsie!ado for finding the bug. Bill Sebok Princeton University, Astrophysics {allegra,akgua,cbosgd,decvax,ihnp4,noao,philabs,princeton,vax135}!astrovax!wls #!/bin/sh # This is a shell archive. Remove anything before this line, # then unpack it by saving it in a file and typing "sh file". # Wrapped by mirror!rs on Mon Aug 11 16:07:13 EDT 1986 # Contents: malloc.patch echo x - malloc.patch if test -f malloc.patch ; then echo malloc.patch exists, putting output in $$malloc.patch OUT=$$malloc.patch else OUT=malloc.patch fi sed 's/^XX//' > $OUT <<'@//E*O*F malloc.patch//' XX*** /tmp/,RCSt1000667 Sat Aug 2 22:49:47 1986 XX--- realloc.c Thu Jul 31 17:01:57 1986 XX*************** XX*** 71,76 XX nbytes += sizeof(struct overhead); XX BRK((char *)p + nbytes); XX p->ov_length = nbytes; XX return(mem); XX } XX XX--- 71,79 ----- XX nbytes += sizeof(struct overhead); XX BRK((char *)p + nbytes); XX p->ov_length = nbytes; XX+ /* declare it to be busy */ XX+ remque(TOBUK(p)); XX+ p->ov_magic = MAGIC_BUSY; XX return(mem); XX } @//E*O*F malloc.patch// chmod u=rw,g=rw,o=rw malloc.patch echo Inspecting for damage in transit... temp=/tmp/sharin$$; dtemp=/tmp/sharout$$ trap "rm -f $temp $dtemp; exit" 0 1 2 3 15 cat > $temp <<\!!! 20 60 450 malloc.patch !!! wc malloc.patch | sed 's=[^ ]*/==' | diff -b $temp - >$dtemp if test -s $dtemp then echo "Ouch [diff of wc output]:" ; cat $dtemp else echo "No problems found." fi exit 0