PR# 14574 Postcondition of `get_to_from_core' will be violated
Problem Report Summary
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:220.127.116.11) Gecko/20080421 Firefox/18.104.22.168 OpenSolaris 2008.05 snv_91 on x86
Synopsis: Postcondition of `get_to_from_core' will be violated
Based on code inspection only, it looks like the postcondition of routine `get_to_from_core' (in malloc.c) will be violated. The body of this routine is:

    Result = allocate_from_core (eif_chunk_size - OVERHEAD - sizeof(struct chunk), e_hlist, 1);
    ENSURE("block is indeed of the right size", (eif_chunk_size - OVERHEAD) == (HEADER(Result)->ov_size & B_SIZE));

Routine `allocate_from_core' immediately calls `add_core' with the number of bytes (eif_chunk_size - OVERHEAD - sizeof(struct chunk)). Routine `add_core' adds back in OVERHEAD + sizeof(struct chunk), so that asked == eif_chunk_size. Then it adds sizeof(struct chunk) to ensure the remaining space is a multiple of ALIGNMAX. After calling malloc, it subtracts OVERHEAD + sizeof(struct chunk), leaving the value of `asked' as eif_chunk_size + sizeof(struct chunk). This value is stored in the block header. `allocate_from_core' then gets this value from the block header and passes it to set_up, which of course cannot split the block. So the assertion will fail.

The assertion should either be fixed so that it is correct (which might be difficult if the suggestions in bug #14572 are implemented) or removed altogether.
Problem Report Interactions