[sr-dev] git:master: mem: fix f_malloc big fragments bug
Andrei Pelinescu-Onciul
andrei at iptel.org
Thu Mar 11 21:16:33 CET 2010
Module: sip-router
Branch: master
Commit: c7099d0a1204120277cf662cc05ab35180d89538
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c7099d0a1204120277cf662cc05ab35180d89538
Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date: Thu Mar 11 21:08:20 2010 +0100
mem: fix f_malloc big fragments bug
In some situation, when dealing with several big free fragments
(>16k) f_malloc would wrongly choose a fragment with a smaller
size then requested. This would create the impression that someone
arbitrarily overwrites the memory.
First symptoms were some tls crashes reported by
Klaus Darilion klaus.darilion at nic.at.
Reproduced using the malloc_test module.
---
mem/f_malloc.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/mem/f_malloc.c b/mem/f_malloc.c
index c49a252..2c05fe6 100644
--- a/mem/f_malloc.c
+++ b/mem/f_malloc.c
@@ -337,7 +337,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
hash=fm_bmp_first_set(qm, GET_HASH(size));
if (likely(hash>=0)){
f=&(qm->free_hash[hash].first);
- if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+ if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
goto found;
for(;(*f); f=&((*f)->u.nxt_free))
if ((*f)->size>=size) goto found;
@@ -346,7 +346,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
f=&(qm->free_hash[hash].first);
#if 0
- if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+ if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
goto found;
#endif
for(;(*f); f=&((*f)->u.nxt_free))
More information about the sr-dev
mailing list