From 9f25a5529a2e7aa6226851d2b9e3ccc77abdb88a Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sat, 16 May 2009 23:57:30 -0400
Subject: [PATCH] Fix an assertion-failure in memarea_alloc() on 64-bit platforms.
The trick is that we should assert that our next_mem pointer has not run off the end of the array _before_ we realign the pointer, since doing that could take us over the end... but only if we're on a system where malloc() gives us ram in increments smaller than sizeof(void*).
---
 ChangeLog | 7 ++++++-
 src/common/memarea.c | 8 ++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b898ff8f64..65656f5dec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,7 +12,12 @@ Changes in version 0.2.1.15??? - ????-??-??
 directory authority. Fixes part of bug 932.
 - When we change to or from being a bridge, reset our counts of client usage by country. Fixes bug 932.
- - Fix a bug that made stream bandwidth get misreported to the controller.
+ - Fix a bug that made stream bandwidth get misreported to the
+ controller.
+ - Fix an assertion failure on 64-bit platforms when we allocated
+ memory right up to the end of a memarea, then realigned the
+ memory one step beyond the end. Fixes a possible cause of bug
+ 930.
 Changes in version 0.2.1.14-rc - 2009-04-12
diff --git a/src/common/memarea.c b/src/common/memarea.c
index 7771f2c2ac..1c81e2fd78 100644
--- a/src/common/memarea.c
+++ b/src/common/memarea.c
@@ -182,6 +182,8 @@ memarea_alloc(memarea_t *area, size_t sz)
 memarea_chunk_t *chunk = area->first;
 char *result;
 tor_assert(chunk);
+ if (sz == 0)
+ sz = 1;
 if (chunk->next_mem+sz > chunk->u.mem+chunk->mem_size) {
 if (sz+CHUNK_HEADER_SIZE >= CHUNK_SIZE) {
 /* This allocation is too big. Stick it in a special chunk, and put 
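Review bot: The space test `chunk->next_mem+sz > chunk->u.mem+chunk->mem_size` still forms `next_mem+sz` before anything bounds `sz` from above, so a very large request can wrap the pointer and make the comparison false; the added `if (sz == 0) sz = 1;` only covers the low end of the range. `sz+CHUNK_HEADER_SIZE >= CHUNK_SIZE` on the following line can wrap in the same way. I would reject oversized requests up front, for example `tor_assert(sz < SIZE_T_CEILING);` directly after `tor_assert(chunk);`, instead of relying on the later asserts to catch the result. The zero-to-one promotion also deserves a one-line comment saying why a zero-length block must not be handed out, since the reason is not visible here. memarea_alloc()'s body continues outside this hunk.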
@@ -198,10 +200,11 @@ memarea_alloc(memarea_t *area, size_t sz)
 tor_assert(chunk->mem_size >= sz);
 }
 result = chunk->next_mem;
- chunk->next_mem = realign_pointer(chunk->next_mem + sz);
+ chunk->next_mem = chunk->next_mem + sz;
 // XXXX021 remove these once bug 930 is solved.
 tor_assert(chunk->next_mem >= chunk->u.mem);
 tor_assert(chunk->next_mem <= chunk->u.mem+chunk->mem_size);
+ chunk->next_mem = realign_pointer(chunk->next_mem);
 return result;
 }
@@ -272,7 +275,8 @@ memarea_assert_ok(memarea_t *area)
 for (chunk = area->first; chunk; chunk = chunk->next_chunk) {
 tor_assert(chunk->next_mem >= chunk->u.mem);
- tor_assert(chunk->next_mem <= chunk->u.mem+chunk->mem_size+MEMAREA_ALIGN);
+ tor_assert(chunk->next_mem <=
+ (char*) realign_pointer(chunk->u.mem+chunk->mem_size));
 }
 }
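Review bot: After this reorder the stored `chunk->next_mem` can sit past `chunk->u.mem+chunk->mem_size` once `realign_pointer()` rounds it up, and nothing in memarea_alloc() says that this is intended. The invariant is now "no further than the realigned end", which is what the new bound in the memarea_assert_ok() hunk checks, so I would state it once above the realign line, e.g. `/* May leave next_mem past the end of the chunk (presumably by less than MEMAREA_ALIGN); the next call then takes the out-of-space branch. */`, and repeat a short form next to the assert in memarea_assert_ok(). I would also reword `// XXXX021 remove these once bug 930 is solved.`: the two asserts are the only check between bumping the pointer and returning `result`, so they look worth keeping as a permanent bounds check. memarea_alloc() starts outside this hunk.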