PR# 14574 Postcondition of `get_to_from_core' will be violated
Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/10
Class: Bug
Severity: Non-critical
Number: 14574
Release: 6.2.73753
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080421 Firefox/2.0.0.14
OpenSolaris 2008.05 snv_91 on x86
Synopsis: Postcondition of `get_to_from_core' will be violated
Description
Based on code inspection only, it looks like the postcondition of routine `get_to_from_core' (in malloc.c) will be violated. The body of this routine is:

    Result = allocate_from_core (eif_chunk_size - OVERHEAD - sizeof(struct chunk), e_hlist, 1);
    ENSURE("block is indeed of the right size", (eif_chunk_size - OVERHEAD) == (HEADER(Result)->ov_size & B_SIZE));

Routine `allocate_from_core' immediately calls `add_core' with the number of bytes (eif_chunk_size - OVERHEAD - sizeof(struct chunk)). Routine `add_core' adds back in OVERHEAD + sizeof(struct chunk), so that asked == eif_chunk_size. Then it adds sizeof(struct chunk) to ensure the remaining space is a multiple of ALIGNMAX. After calling malloc, it subtracts OVERHEAD + sizeof(struct chunk), leaving the value of `asked' as eif_chunk_size + sizeof(struct chunk). This value is stored in the block header.

Allocate_core then gets this value from the block header and passes it to set_up, which of course cannot split the block. So the assertion will fail.

The assertion should either be fixed so that it is correct (might be difficult if bug #14572 suggestions are implemented) or removed altogether.
To Reproduce
Problem Report Interactions