[sr-dev] git:master: mem: fix f_malloc big fragments bug

Andrei Pelinescu-Onciul andrei at iptel.org
Thu Mar 11 21:16:33 CET 2010


Module: sip-router
Branch: master
Commit: c7099d0a1204120277cf662cc05ab35180d89538
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=c7099d0a1204120277cf662cc05ab35180d89538

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Thu Mar 11 21:08:20 2010 +0100

mem: fix f_malloc big fragments bug

In some situation, when dealing with several big free fragments
(>16k) f_malloc would wrongly choose a fragment with a smaller
size then requested. This would create the impression that someone
arbitrarily overwrites the memory.

First symptoms were some tls crashes reported by
Klaus Darilion  klaus.darilion at nic.at.
Reproduced using the malloc_test module.

---

 mem/f_malloc.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mem/f_malloc.c b/mem/f_malloc.c
index c49a252..2c05fe6 100644
--- a/mem/f_malloc.c
+++ b/mem/f_malloc.c
@@ -337,7 +337,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
 	hash=fm_bmp_first_set(qm, GET_HASH(size));
 	if (likely(hash>=0)){
 		f=&(qm->free_hash[hash].first);
-	if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+	if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
 			goto found; 
 		for(;(*f); f=&((*f)->u.nxt_free))
 			if ((*f)->size>=size) goto found;
@@ -346,7 +346,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
 	for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
 		f=&(qm->free_hash[hash].first);
 #if 0
-		if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+		if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
 				goto found; 
 #endif
 		for(;(*f); f=&((*f)->u.nxt_free))




More information about the sr-dev mailing list