re PR other/40024 (trunk/gcc-4.3/gcc: * emutls.c (emutls_destroy): Don' t fall out of the array bound.)

	PR other/40024
	* emutls.c (__emutls_get_address): Change arr->size to mean number
	of allocated arr->data entries instead of # of slots + 1.

From-SVN: r148061

2 files changed, 9 insertions, 5 deletions

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 70f131d..0156562 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,5 +1,9 @@
 2009-06-01  Jakub Jelinek  <jakub@redhat.com>
 
+	PR other/40024
+	* emutls.c (__emutls_get_address): Change arr->size to mean number
+	of allocated arr->data entries instead of # of slots + 1.
+
 	PR middle-end/40316
 	* recog.c (peep2_reinit_state): New function.
 	(peephole2_init_state): Use it at the end of a basic block and also
diff --git a/gcc/emutls.c b/gcc/emutls.c
index a9c7cf6..b7ee3bd 100644
--- a/gcc/emutls.c
+++ b/gcc/emutls.c
@@ -155,23 +155,23 @@ __emutls_get_address (struct __emutls_object *obj)
   if (__builtin_expect (arr == NULL, 0))
     {
       pointer size = offset + 32;
-      arr = calloc (size, sizeof (void *));
+      arr = calloc (size + 1, sizeof (void *));
       if (arr == NULL)
 	abort ();
       arr->size = size;
       __gthread_setspecific (emutls_key, (void *) arr);
     }
-  else if (__builtin_expect (offset >= arr->size, 0))
+  else if (__builtin_expect (offset > arr->size, 0))
     {
       pointer orig_size = arr->size;
       pointer size = orig_size * 2;
-      if (offset >= size)
+      if (offset > size)
 	size = offset + 32;
-      arr = realloc (arr, size * sizeof (void *));
+      arr = realloc (arr, (size + 1) * sizeof (void *));
       if (arr == NULL)
 	abort ();
       arr->size = size;
-      memset (arr->data + orig_size - 1, 0,
+      memset (arr->data + orig_size, 0,
 	      (size - orig_size) * sizeof (void *));
       __gthread_setspecific (emutls_key, (void *) arr);
     }