git:sr_3.0: mem: fix f_malloc big fragments bug - sr-dev

11 Mar 2010

Module: sip-router
Branch: sr_3.0
Commit: b8592ad5ea877cf1299519ed209110cc59e87995
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b8592ad5...
Author: Andrei Pelinescu-Onciul andrei@iptel.org
Committer: Andrei Pelinescu-Onciul andrei@iptel.org
Date:   Thu Mar 11 21:08:20 2010 +0100
mem: fix f_malloc big fragments bug
In some situation, when dealing with several big free fragments
(>16k) f_malloc would wrongly choose a fragment with a smaller
size then requested. This would create the impression that someone
arbitrarily overwrites the memory.
First symptoms were some tls crashes reported by
Klaus Darilion  klaus.darilion@nic.at.
Reproduced using the malloc_test module.
(cherry picked from commit c7099d0a1204120277cf662cc05ab35180d89538)
---
mem/f_malloc.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mem/f_malloc.c b/mem/f_malloc.c
index c49a252..2c05fe6 100644
--- a/mem/f_malloc.c
+++ b/mem/f_malloc.c
@@ -337,7 +337,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
    hash=fm_bmp_first_set(qm, GET_HASH(size));
    if (likely(hash>=0)){
    	f=&(qm->free_hash[hash].first);
-	if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+	if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
    		goto found; 
    	for(;(*f); f=&((*f)->u.nxt_free))
    		if ((*f)->size>=size) goto found;
@@ -346,7 +346,7 @@ void* fm_malloc(struct fm_block* qm, unsigned long size)
    for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
    	f=&(qm->free_hash[hash].first);
 #if 0
-		if (likely(hash<=F_MALLOC_OPTIMIZE)) /* return first match */
+		if (likely(hash<=F_MALLOC_OPTIMIZE/ROUNDTO)) /* return first match */
    			goto found; 
 #endif
    	for(;(*f); f=&((*f)->u.nxt_free))

    