PR# 14663 Malloc_free_list can allocate memory unnecessarily on 64-bit platform

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2008/07/24
Class: Bug
Severity: Serious
Number: 14663
Release: 6.3.74123
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.13) Gecko/20080328 Firefox/2.0.0.13 Solaris 10 on SPARC
Synopsis: Malloc_free_list can allocate memory unnecessarily on 64-bit platform

Description
Based on code inspection only, it appears that routine `malloc_free_list' (in
malloc.c) can call `allocate_from_core' when it does not need to on a 64-bit
platform.  The problem is that `estimated_free_space' is declared as an
unsigned int, but it is assigned via

   estimated_free_space = (unsigned int) (rt_c_data.ml_total - rt_c_data.ml_used);

Both `ml_total' and `ml_used' structure members have type rt_uint_ptr.
So if the difference is bigger than 4 GB, the estimated free space will
have a value much smaller than the amount of space that is actually free.
This will cause the comparison

   (nbytes <= estimated_free_space)

to be false, so the routine will call `allocate_from_core' rather than trying
to do a full coalesce first.

It looks like the fix is to simply change the type of `estimated_free_space'
to rt_uint_ptr.
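To make the narrowing cast concrete, the following is an added C example (not code from the EiffelStudio runtime or from the report's submitter) that models the buggy and the proposed estimate side by side; it assumes `rt_uint_ptr` is a 64-bit unsigned type and takes `ml_total` and `ml_used` as plain arguments instead of reading them from `rt_c_data`.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the runtime's pointer-sized unsigned integer. It is fixed to
 * 64 bits here so the example behaves like the 64-bit platform in the report
 * on any host. */
typedef uint64_t rt_uint_ptr;

/* Buggy estimate, as in the report: the 64-bit difference is narrowed to
 * unsigned int, so any bits above bit 31 are silently dropped. */
static unsigned int estimate_free_space_buggy(rt_uint_ptr ml_total,
                                              rt_uint_ptr ml_used) {
    return (unsigned int) (ml_total - ml_used);
}

/* Proposed fix: keep the pointer-sized type so nothing is truncated. */
static rt_uint_ptr estimate_free_space_fixed(rt_uint_ptr ml_total,
                                             rt_uint_ptr ml_used) {
    return ml_total - ml_used;
}

/* Mirror the comparison (nbytes <= estimated_free_space): return 1 when the
 * routine would fall through to allocate_from_core instead of trying a full
 * coalesce, 0 when it would coalesce first. */
static int would_call_core_buggy(rt_uint_ptr ml_total, rt_uint_ptr ml_used,
                                 rt_uint_ptr nbytes) {
    return !(nbytes <= estimate_free_space_buggy(ml_total, ml_used));
}

static int would_call_core_fixed(rt_uint_ptr ml_total, rt_uint_ptr ml_used,
                                 rt_uint_ptr nbytes) {
    return !(nbytes <= estimate_free_space_fixed(ml_total, ml_used));
}

int main(void) {
    /* Constructed sample: 6 GiB obtained from the system, 1 GiB in use, so
     * 5 GiB is actually free (0x140000000, which needs 33 bits). */
    rt_uint_ptr total = 6ULL << 30, used = 1ULL << 30, request = 2ULL << 30;

    printf("free (buggy)  = 0x%x bytes\n", estimate_free_space_buggy(total, used));
    printf("free (fixed)  = 0x%llx bytes\n",
           (unsigned long long) estimate_free_space_fixed(total, used));
    printf("2 GiB request -> core? buggy=%d fixed=%d\n",
           would_call_core_buggy(total, used, request),
           would_call_core_fixed(total, used, request));
    return 0;
}
```

With the sample values the buggy estimate reports only 1 GiB free, so a 2 GiB request goes straight to `allocate_from_core` even though 5 GiB is available.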


To Reproduce

Problem Report Interactions