From: Rich Felker
Date: Tue, 17 Apr 2018 19:18:49 +0000 (-0400)
Subject: comment __malloc_donate overflow logic
X-Git-Tag: v1.1.20~120
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=14032c30e2d41e5c0dac25d399f7086f74d4e0c8;p=oweals%2Fmusl.git
comment __malloc_donate overflow logic
---
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 6605ec3a..991300cc 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -563,6 +563,9 @@ void __malloc_donate(char *start, char *end)
 size_t align_start_up = (SIZE_ALIGN-1) & (-(uintptr_t)start - OVERHEAD);
 size_t align_end_down = (SIZE_ALIGN-1) & (uintptr_t)end;
+ /* Getting past this condition ensures that the padding for alignment
+ * and header overhead will not overflow and will leave a nonzero
+ * multiple of SIZE_ALIGN bytes between start and end. */
 if (end - start <= OVERHEAD + align_start_up + align_end_down)
 return;
 start += align_start_up + OVERHEAD;
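Review bot: The new comment above the `if (end - start <= OVERHEAD + align_start_up + align_end_down)` guard says that passing it rules out overflow, but it does not state that this holds only when `end >= start`. `end - start` is a signed pointer difference compared against a sum with `size_t` operands, so after the usual conversion to unsigned a reversed range would presumably compare as a very large value and get past the guard. I would add one more line to the comment, for example `* Callers must pass start <= end within one object; a reversed range is not rejected here.` The callers are not visible in this hunk, and the body of __malloc_donate continues past its last line, so this is a documentation request and not a claim that any existing caller is wrong.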