alloc: fix case where poolsize is not a power of 2.

9f43b2f8 · Rusty Russell · 82569e8c · 9f43b2f8 · 9f43b2f8
Commit 9f43b2f8 authored Sep 26, 2010 by Rusty Russell
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 1 deletion

ccan/alloc/alloc.c ccan/alloc/alloc.c +2 -1

ccan/alloc/test/run-corrupt.c ccan/alloc/test/run-corrupt.c +26 -0

No files found.
--- a/ccan/alloc/alloc.c
+++ b/ccan/alloc/alloc.c
@@ -133,7 +133,7 @@ static unsigned int size_to_bucket(unsigned long size)
 static unsigned int small_page_bits(unsigned long poolsize)
 {
-	return fls(poolsize / MAX_SMALL_PAGES / 2);
+	return fls(poolsize / MAX_SMALL_PAGES - 1);
 }
 static struct page_header *from_pgnum(struct header *head,
@@ -404,6 +404,7 @@ void alloc_init(void *pool, unsigned long poolsize)
 	/* Add the rest of the pages as large pages. */
 	i = SMALL_PAGES_PER_LARGE_PAGE;
 	while ((i << sp_bits) + (1 << lp_bits) <= poolsize) {
+		assert(i < MAX_SMALL_PAGES);
 		ph = from_pgnum(head, i, sp_bits);
 		ph->elements_used = 0;
 		add_large_page_to_freelist(head, ph, sp_bits);

--- a/ccan/alloc/test/run-corrupt.c
+++ b/ccan/alloc/test/run-corrupt.c
+/* Example allocation which caused corruption. */
+#include <ccan/alloc/alloc.c>
+#include <ccan/alloc/bitops.c>
+#include <ccan/alloc/tiny.c>
+#include <ccan/tap/tap.h>
+#include <stdlib.h>
+int main(int argc, char *argv[])
+{
+	void *mem;
+	plan_tests(7);
+	mem = malloc(1179648);
+	alloc_init(mem, 1179648);
+	ok1(alloc_check(mem, 1179648));
+	ok1(alloc_get(mem, 1179648, 48, 16));
+	ok1(alloc_check(mem, 1179648));
+	ok1(alloc_get(mem, 1179648, 53, 16));
+	ok1(alloc_check(mem, 1179648));
+	ok1(alloc_get(mem, 1179648, 53, 16));
+	ok1(alloc_check(mem, 1179648));
+	free(mem);
+	return exit_status();
+}