Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!AI.SRI.COM!pereira
From: pereira@AI.SRI.COM (Fernando Pereira)
Newsgroups: gnu.emacs.bug
Subject: realloc bug in Emacs 18.53
Message-ID: <8902250646.AA00675@drakes.ai.sri.com>
Date: 25 Feb 89 06:46:53 GMT
Sender: daemon@tut.cis.ohio-state.edu
Distribution: gnu
Organization: GNUs Not Usenet
Lines: 47


Changes to malloc.c in version 18.53 broke realloc. This causes
problems for the Sun support code because SunView functions call
realloc. In particular, Emacs fails an integrity check in free and
dumps core when menu_destroy (a SunView function) tries to free a
malloc block whose header has been corrupted by realloc. The changes
below solve the problem

*** malloc.c-18.53	Fri Feb 24 17:55:48 1989
--- malloc.c	Fri Feb 24 18:07:08 1989
***************
*** 578,584 ****
    register int nunits;
  
!   if ((p = (struct mhead *) mem) == 0)
      return malloc (n);
!   p -= (8 / sizeof (struct mhead));
    nunits = p -> mh_index;
    ASSERT (p -> mh_alloc == ISALLOC);
--- 578,584 ----
    register int nunits;
  
!   if (mem == 0)
      return malloc (n);
!   p = (struct mhead *) (mem - ((sizeof *p + 7) & ~7));
    nunits = p -> mh_index;
    ASSERT (p -> mh_alloc == ISALLOC);
***************
*** 598,602 ****
  
    /* See if desired size rounds to same power of 2 as actual size. */
!   nbytes = (n + sizeof *p + EXTRA + 7) & ~7;
  
    /* If ok, use the same block, just marking its size as changed.  */
--- 598,602 ----
  
    /* See if desired size rounds to same power of 2 as actual size. */
!   nbytes = (n + ((sizeof *p + 7) & ~7) + EXTRA + 7) & ~7;
  
    /* If ok, use the same block, just marking its size as changed.  */


Fernando Pereira
Artificial Intelligence Center
SRI International

pereira@ai.sri.com