diff options
| author | Keef Aragon <keef.aragon@konscious.net> | 2022-08-17 08:45:15 +0200 |
|---|---|---|
| committer | Richard Biener <rguenther@suse.de> | 2022-08-17 10:40:01 +0200 |
| commit | 5bc2042df437cd8aeebcdf5bbb858678e3733ca4 (patch) | |
| tree | 2a247a8ba1bfc58c4b154a41acf898b75378ace4 | |
| parent | 3cab897a67af120aa18efa7ddd7ee49b9a29e5dd (diff) | |
| download | gcc-5bc2042df437cd8aeebcdf5bbb858678e3733ca4.zip gcc-5bc2042df437cd8aeebcdf5bbb858678e3733ca4.tar.gz gcc-5bc2042df437cd8aeebcdf5bbb858678e3733ca4.tar.bz2 | |
Fix bug in emergency cxa pool free
This probably has never actually affected anyone in practice. The normal
ABI implementation just uses malloc and only falls back to the pool on
malloc failure. But if that happens a bunch of times the freelist gets out
of order which violates some of the invariants of the freelist (as well as
the comments that follow the bug). The bug is just a comparison reversal
when traversing the freelist in the case where the pointer being returned
to the pool is after the existing freelist.
libstdc++-v3/
* libsupc++/eh_alloc.cc (pool::free): Inverse comparison.
| -rw-r--r-- | libstdc++-v3/libsupc++/eh_alloc.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libstdc++-v3/libsupc++/eh_alloc.cc b/libstdc++-v3/libsupc++/eh_alloc.cc index c85b9ae..68f3198 100644 --- a/libstdc++-v3/libsupc++/eh_alloc.cc +++ b/libstdc++-v3/libsupc++/eh_alloc.cc @@ -224,8 +224,8 @@ namespace free_entry **fe; for (fe = &first_free_entry; (*fe)->next - && (reinterpret_cast <char *> ((*fe)->next) - > reinterpret_cast <char *> (e) + sz); + && (reinterpret_cast <char *> (e) + sz + > reinterpret_cast <char *> ((*fe)->next)); fe = &(*fe)->next) ; // If we can merge the next block into us do so and continue |