PR# 14574 Postcondition of `get_to_from_core' will be violated

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/10
Class: Bug
Severity: Non-critical
Number: 14574
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14 OpenSolaris 2008.05 snv_91 on x86
Synopsis: Postcondition of `get_to_from_core' will be violated

Description
Based on code inspection only, it looks like the postcondition of routine
`get_to_from_core' (in malloc.c) will be violated.  The body of this routine is

        Result = allocate_from_core (eif_chunk_size - OVERHEAD - sizeof(struct chunk), e_hlist, 1);

        ENSURE("block is indeed of the right size", (eif_chunk_size - OVERHEAD) == (HEADER(Result)->ov_size & B_SIZE));

Routine `allocate_from_core' immediately calls `add_core' with the number of
bytes (eif_chunk_size - OVERHEAD - sizeof(struct chunk)).  Routine `add_core'
adds back in OVERHEAD + sizeof(struct chunk), so that asked == eif_chunk_size.
Then it adds sizeof(struct chunk) to ensure remaining space is a multiple of
ALIGNMAX.  After calling malloc, it subtracts OVERHEAD + sizeof(struct chunk),
leaving the value of `asked' as eif_chunk_size + sizeof(struct chunk).  This
value is stored in the block header.  `allocate_from_core' then gets this value
from the block header and passes it to set_up, which of course cannot split
the block.  So the assertion will fail.

The assertion should either be fixed so that it is correct (might be difficult
if bug #14572 suggestions are implemented) or removed altogether.

To Reproduce

Problem Report Interactions