Message-Id:	<m0z0lKs-000XepC@sloep11.cs.vu.nl>
Date:	Mon, 27 Jul 98 13:20 +0200
From:	Boon van der RJ <rjvdboon AT cs DOT vu DOT nl>
To:	dj AT delorie DOT com, djgpp-workers AT delorie DOT com
Subject:	2.02alpha patch for [f]malloc's free and realloc

Hallo DJ and workers,

I think there is a bug in free and realloc off malloc.c and fmalloc.c
In malloc.c there is (as far as i'm in to it) a bug because it also
computes the BLOCK of a NULL pointer. I have changed it to compute it
after checking for a NULL.
In fmalloc.c there is no checking for NULL at all, so crashes often,
also i fixed the same as in malloc.c.

I have included a patch for both fmalloc.c and malloc.c.

hth,
 Robert.
======= diffs =====
*** src\libc\ansi\stdlib\fmalloc.c.org	Fri Jan  2 01:06:00 1998
--- src\libc\ansi\stdlib\fmalloc.c	Sun Jul 26 10:59:18 1998
***************
*** 62,68 ****
  void
  free(void *ptr)
  {
!   int b = *(int *)((char *)ptr-4);
    *(char **)ptr = buckets[b];
    buckets[b] = ptr;
  }
--- 62,71 ----
  void
  free(void *ptr)
  {
!   int b;
!   if (ptr == 0)
!     return;
!   b = *(int *)((char *)ptr-4);
    *(char **)ptr = buckets[b];
    buckets[b] = ptr;
  }
***************
*** 71,82 ****
  realloc(void *ptr, size_t size)
  {
    char *newptr;
!   int oldsize = bucket2size[*(int *)((char *)ptr-4)];
    if (size <= oldsize)
      return ptr;
    newptr = (char *)malloc(size);
    memcpy(ptr, newptr, oldsize);
    free(ptr);
    return newptr;
- 
  }
--- 74,87 ----
  realloc(void *ptr, size_t size)
  {
    char *newptr;
!   int oldsize;
!   if (ptr == 0)
!     return malloc(size);
!   oldsize = bucket2size[*(int *)((char *)ptr-4)];
    if (size <= oldsize)
      return ptr;
    newptr = (char *)malloc(size);
    memcpy(ptr, newptr, oldsize);
    free(ptr);
    return newptr;
  }
*** src\libc\ansi\stdlib\malloc.c.org	Sun Jun 28 22:14:04 1998
--- src\libc\ansi\stdlib\malloc.c	Sun Jul 26 11:04:22 1998
***************
*** 279,287 ****
  free(void *ptr)
  {
    int b;
!   BLOCK *block = (BLOCK *)((char *)ptr-4);
    if (ptr == 0)
      return;
  
  #if NUMSMALL
    if (block->size < SMALL)
--- 279,288 ----
  free(void *ptr)
  {
    int b;
!   BLOCK *block;
    if (ptr == 0)
      return;
+   block = (BLOCK *)((char *)ptr-4);
  
  #if NUMSMALL
    if (block->size < SMALL)
***************
*** 326,338 ****
  void *
  realloc(void *ptr, size_t size)
  {
!   BLOCK *b = (BLOCK *)((char *)ptr-4);
    char *newptr;
    int copysize;
  
    if (ptr == 0)
      return malloc(size);
  
    copysize = b->size;
    if (size <= b->size)
    {
--- 327,340 ----
  void *
  realloc(void *ptr, size_t size)
  {
!   BLOCK *b;
    char *newptr;
    int copysize;
  
    if (ptr == 0)
      return malloc(size);
  
+   b = (BLOCK *)((char *)ptr-4);
    copysize = b->size;
    if (size <= b->size)
    {

- Raw text -