authorRich Felker <dalias@aerifal.cx>2011-08-23 09:43:45 -0400
committerRich Felker <dalias@aerifal.cx>2011-08-23 09:43:45 -0400
commit1c8bead345eca58ddc5177a121142b527937adee (patch)
tree75620e8cf4815c94eed8d1d69d3062b7b5893709
parentdf0b5a49406763aa4719dfad561a5de8924ecd59 (diff)
use new a_crash() asm to optimize double-free handler.
gcc generates extremely bad code (7 byte immediate mov) for the old null pointer write approach. it should be generating something like "xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated crashing opcode accomplishes the same thing in one byte.
-rw-r--r--src/malloc/malloc.c4
1 files changed, 2 insertions, 2 deletions
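--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -394,7 +394,7 @@ void *realloc(void *p, size_t n)
 size_t oldlen = n0 + extra;
 size_t newlen = n + extra;
 /* Crash on realloc of freed chunk */
- if (extra & 1) *(volatile char *)0=0;
+ if (extra & 1) a_crash();
 if (newlen < PAGE_SIZE && (new = malloc(n))) {
 memcpy(new, p, n-OVERHEAD);
 free(p);
@@ -457,7 +457,7 @@ void free(void *p)
 char *base = (char *)self - extra;
 size_t len = CHUNK_SIZE(self) + extra;
 /* Crash on double free */
- if (extra & 1) *(volatile char *)0=0;
+ if (extra & 1) a_crash();
 __munmap(base, len);
 return;
 }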
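Review bot: The new `a_crash()` call in `free()` (line 37) is only an effective double-free guard if it never returns, and nothing in this hunk shows that contract; if the macro expands to something the compiler treats as an ordinary returning call, control falls straight through to `__munmap(base, len)` on the already-freed chunk, and the same applies to the realloc hunk at line 28, where the `malloc`/`memcpy`/`free` sequence below would run on a stale header. A short comment at each site would make the assumption visible, e.g. `/* a_crash() must not return; the munmap below would otherwise run on a double-freed chunk */`. Where `a_crash()` is defined (presumably an arch header, not shown here) giving it a noreturn attribute would let the compiler enforce the contract and drop the dead code after it. Both `realloc` and `free` begin and continue outside the lines shown.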