fix rare but nasty under-allocation bug in malloc with large requests

[musl] / src / malloc / malloc.c

diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index a4eefda..46cc21f 100644 (file)
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -179,7 +179,7 @@ fail:
        return 0;
 }
 
-static int init_malloc()
+static int init_malloc(size_t n)
 {
        static int init, waiters;
        int state;
@@ -196,7 +196,7 @@ static int init_malloc()
 
        mal.brk = __brk(0) + 2*SIZE_ALIGN-1 & -SIZE_ALIGN;
 
-       c = expand_heap(1);
+       c = expand_heap(n);
 
        if (!c) {
                a_store(&init, 0);
@@ -210,7 +210,7 @@ static int init_malloc()
 
        a_store(&init, 2);
        if (waiters) __wake(&init, -1, 1);
-       return 0;
+       return 1;
 }
 
 static int adjust_size(size_t *n)
@@ -333,7 +333,7 @@ void *malloc(size_t n)
        if (adjust_size(&n) < 0) return 0;
 
        if (n > MMAP_THRESHOLD) {
-               size_t len = n + PAGE_SIZE - 1 & -PAGE_SIZE;
+               size_t len = n + OVERHEAD + PAGE_SIZE - 1 & -PAGE_SIZE;
                char *base = __mmap(0, len, PROT_READ|PROT_WRITE,
                        MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
                if (base == (void *)-1) return 0;
@@ -347,7 +347,7 @@ void *malloc(size_t n)
        for (;;) {
                uint64_t mask = mal.binmap & -(1ULL<<i);
                if (!mask) {
-                       init_malloc();
+                       if (init_malloc(n) > 0) continue;
                        c = expand_heap(n);
                        if (!c) return 0;
                        if (alloc_rev(c)) {