use new a_crash() asm to optimize double-free handler.

gcc generates extremely bad code (7 byte immediate mov) for the old
null pointer write approach. it should be generating something like
"xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated
crashing opcode accomplishes the same thing in one byte.

diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 0888afa..abf3e8f 100644 (file)
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -394,7 +394,7 @@ void *realloc(void *p, size_t n)
                size_t oldlen = n0 + extra;
                size_t newlen = n + extra;
                /* Crash on realloc of freed chunk */
                size_t oldlen = n0 + extra;
                size_t newlen = n + extra;
                /* Crash on realloc of freed chunk */

-               if (extra & 1) *(volatile char *)0=0;
+               if (extra & 1) a_crash();

                if (newlen < PAGE_SIZE && (new = malloc(n))) {
                        memcpy(new, p, n-OVERHEAD);
                        free(p);
                if (newlen < PAGE_SIZE && (new = malloc(n))) {
                        memcpy(new, p, n-OVERHEAD);
                        free(p);


@@ -457,7 +457,7 @@ void free(void *p)
                char *base = (char *)self - extra;
                size_t len = CHUNK_SIZE(self) + extra;
                /* Crash on double free */
                char *base = (char *)self - extra;
                size_t len = CHUNK_SIZE(self) + extra;
                /* Crash on double free */

-               if (extra & 1) *(volatile char *)0=0;
+               if (extra & 1) a_crash();

                __munmap(base, len);
                return;
        }
                __munmap(base, len);
                return;
        }