PR# 14574 Postcondition of `get_to_from_core' will be violated

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/10
Class: Bug
Severity: Non-critical
Number: 14574
Release: 6.2.73753
Confidential: No
Status: Open
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv: Gecko/20080421 Firefox/ OpenSolaris 2008.05 snv_91 on x86
Synopsis: Postcondition of `get_to_from_core' will be violated

Based on code inspection only, it looks like the postcondition of routine
`get_to_from_core' (in malloc.c) will be violated.  The body of this routine is

        Result = allocate_from_core (eif_chunk_size - OVERHEAD - sizeof(struct chunk), e_hlist, 1);

        ENSURE("block is indeed of the right size", (eif_chunk_size - OVERHEAD) == (HEADER(Result)->ov_size & B_SIZE));

Routine `allocate_from_core' immediately calls `add_core' with the number of
bytes (eif_chunk_size - OVERHEAD - sizeof(struct chunk)).  Routine `add_core'
adds back in OVERHEAD + sizeof(struct chunk), so that asked == eif_chunk_size.
Then it adds sizeof(struct chunk) to ensure remaining space is a multiple of
ALIGNMAX.  After calling malloc, it subtracts OVERHEAD + sizeof(struct chunk),
leaving value of `asked' as eif_chunk_size + sizeof(struct chunk).  This
value is stored in the block header.  Allocate_core then gets this value
from the block header and passes it to set_up, which of course cannot split
the block.  So the assertion will fail.  

The assertion should either be fixed so that it is correct (might be difficult
if bug #14572 suggestions are implemented) or removed altogether.
To Reproduce

Problem Report Interactions