alloc: fix case where poolsize is not a power of 2.
authorRusty Russell <rusty@rustcorp.com.au>
Sat, 25 Sep 2010 15:12:46 +0000 (00:42 +0930)
committerRusty Russell <rusty@rustcorp.com.au>
Sat, 25 Sep 2010 15:12:46 +0000 (00:42 +0930)
ccan/alloc/alloc.c
ccan/alloc/test/run-corrupt.c [new file with mode: 0644]

index 6cd96d8d8a3681713273f3ed45f8bcea59f49281..40b5b6ec6ddbedd9f16cb0aade0e75960727e809 100644 (file)
@@ -133,7 +133,7 @@ static unsigned int size_to_bucket(unsigned long size)
 
 static unsigned int small_page_bits(unsigned long poolsize)
 {
-       return fls(poolsize / MAX_SMALL_PAGES / 2);
+       return fls(poolsize / MAX_SMALL_PAGES - 1);
 }
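Review bot: The new `poolsize / MAX_SMALL_PAGES - 1` underflows to ULONG_MAX when poolsize is smaller than MAX_SMALL_PAGES, because poolsize is unsigned long, and fls() would then return the full word width; if alloc_init only reaches this helper for pools above some minimum (presumably the tiny-pool path covers the rest), that precondition should be written down here, e.g. `/* Requires poolsize >= MAX_SMALL_PAGES. */`. The rounding itself also deserves a comment, since it is the actual fix: for a power-of-two quotient q, `fls(q - 1)` equals the old `fls(q / 2)`, while any other quotient gets one bit more, so the page size rounds up and the page count in alloc_init stays below MAX_SMALL_PAGES; a line such as `/* Round up: a non-power-of-2 pool must not yield more than MAX_SMALL_PAGES pages. */` would carry that.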
 
 static struct page_header *from_pgnum(struct header *head,
@@ -404,6 +404,7 @@ void alloc_init(void *pool, unsigned long poolsize)
        /* Add the rest of the pages as large pages. */
        i = SMALL_PAGES_PER_LARGE_PAGE;
        while ((i << sp_bits) + (1 << lp_bits) <= poolsize) {
+               assert(i < MAX_SMALL_PAGES);
                ph = from_pgnum(head, i, sp_bits);
                ph->elements_used = 0;
                add_large_page_to_freelist(head, ph, sp_bits);
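Review bot: The added `assert(i < MAX_SMALL_PAGES)` compiles away under NDEBUG, so in a release build the overrun this commit fixes would presumably recur silently if the rounding in small_page_bits() were ever changed; a comment tying the assert to that rounding, `/* small_page_bits() rounds up, so i cannot reach MAX_SMALL_PAGES here. */`, would make clear it documents an invariant rather than guarding one. alloc_init begins and ends outside this hunk.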
diff --git a/ccan/alloc/test/run-corrupt.c b/ccan/alloc/test/run-corrupt.c
new file mode 100644 (file)
index 0000000..3e7be17
--- /dev/null
@@ -0,0 +1,26 @@
+/* Example allocation which caused corruption. */
+#include <ccan/alloc/alloc.c>
+#include <ccan/alloc/bitops.c>
+#include <ccan/alloc/tiny.c>
+#include <ccan/tap/tap.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+       void *mem;
+
+       plan_tests(7);
+
+       mem = malloc(1179648);
+       alloc_init(mem, 1179648);
+       ok1(alloc_check(mem, 1179648));
+       ok1(alloc_get(mem, 1179648, 48, 16));
+       ok1(alloc_check(mem, 1179648));
+       ok1(alloc_get(mem, 1179648, 53, 16));
+       ok1(alloc_check(mem, 1179648));
+       ok1(alloc_get(mem, 1179648, 53, 16));
+       ok1(alloc_check(mem, 1179648));
+       free(mem);
+
+       return exit_status();
+}
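Review bot: The `malloc(1179648)` result is passed straight to alloc_init without a NULL check, so an allocation failure crashes the test instead of failing it; `if (!mem) abort();` after the malloc would do, since stdlib.h is already included. The constant 1179648 appears nine times and nothing says why that size was chosen — it is not a power of two, which is exactly the case the commit fixes — so a `#define POOLSIZE 1179648` with a comment such as `/* 1179648 is not a power of 2: this size triggered the corruption. */` would both deduplicate it and record the intent.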