comment __malloc_donate overflow logic
authorRich Felker <dalias@aerifal.cx>
Tue, 17 Apr 2018 19:18:49 +0000 (15:18 -0400)
committerRich Felker <dalias@aerifal.cx>
Tue, 17 Apr 2018 23:23:01 +0000 (19:23 -0400)
src/malloc/malloc.c

index 6605ec3a2bc35b9cc4f81bdbbba21101ef70c756..991300ccc17bb039c2163e547a0b08171ee78287 100644 (file)
@@ -563,6 +563,9 @@ void __malloc_donate(char *start, char *end)
        size_t align_start_up = (SIZE_ALIGN-1) & (-(uintptr_t)start - OVERHEAD);
        size_t align_end_down = (SIZE_ALIGN-1) & (uintptr_t)end;
 
+       /* Getting past this condition ensures that the padding for alignment
+        * and header overhead will not overflow and will leave a nonzero
+        * multiple of SIZE_ALIGN bytes between start and end. */
        if (end - start <= OVERHEAD + align_start_up + align_end_down)
                return;
        start += align_start_up + OVERHEAD;
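Review bot: The new comment on the `end - start <= OVERHEAD + align_start_up + align_end_down` guard omits the precondition its guarantee depends on. `end - start` is a signed pointer difference, while the right-hand side includes two `size_t` values, so the comparison is presumably done in unsigned arithmetic. If a caller passed `end < start`, the difference would become a very large value and get past the check. I would add a sentence to the comment such as `Callers must pass start <= end, both within one object; the difference is compared as an unsigned value.` The definition of OVERHEAD and the rest of __malloc_donate's body lie outside the hunk, so this is inferred only from the declarations visible here.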