* fix memory allocator bug that led to freelist corruption on the first malloc
authorStefan Reinauer <stepan@coresystems.de>
Thu, 14 Aug 2008 14:40:10 +0000 (14:40 +0000)
committerStefan Reinauer <stepan@openbios.org>
Thu, 14 Aug 2008 14:40:10 +0000 (14:40 +0000)
  (and spent 8 bytes too much per malloc)
* if the memory allocator detects freelist corruption, print a message
  instead of silently dying.

Signed-off-by: Stefan Reinauer <stepan@coresystems.de>
Acked-by: Jordan Crouse <jordan.crouse@amd.com>
git-svn-id: svn://svn.coreboot.org/coreboot/trunk@3510 2b7e53f0-3cfb-0310-b3e9-8179ed1497e1

payloads/libpayload/libc/malloc.c

index fe3d45bab841183ca23eb16112c4b89240e4e20c..3c6cf5d8332128418f46d3a0dac429b567633adf 100644 (file)
@@ -92,13 +92,15 @@ static void *alloc(int len)
                header = *((hdrtype_t *) ptr);
                int size = SIZE(header);
 
-               if (!HAS_MAGIC(header) || size == 0)
+               if (!HAS_MAGIC(header) || size == 0) {
+                       printf("memory allocator panic.\n");
                        halt();
+               }
 
                if (header & FLAG_FREE) {
                        if (len <= size) {
                                void *nptr = ptr + (HDRSIZE + len);
-                               int nsize = size - (len + 8);
+                               int nsize = size - (HDRSIZE + len);
 
                                /* Mark the block as used. */
                                *((hdrtype_t *) ptr) = USED_BLOCK(len);
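Review bot: When the free block exceeds the request by no more than one header (`len < size <= len + HDRSIZE`), the header is still rewritten as `USED_BLOCK(len)`, and the `if (nsize > 0)` test in the following hunk then writes no header at `nptr`. Assuming the list walk advances by `HDRSIZE + SIZE(header)` (that code is outside this hunk), the next traversal would interpret whatever bytes sit at `nptr` as a block header. That either trips the new panic path or, if the stale bytes happen to carry the magic, walks over bogus metadata. Giving the whole block to the caller in that case keeps the chain consistent: `*((hdrtype_t *) ptr) = USED_BLOCK(nsize > 0 ? len : size);`. The body of alloc() starts and ends outside the hunk, so check the rounding of `len` and the value of `HDRSIZE` to confirm which remainders are actually reachable.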
@@ -109,7 +111,7 @@ static void *alloc(int len)
 
                                if (nsize > 0)
                                        *((hdrtype_t *) nptr) =
-                                           FREE_BLOCK(nsize - 4);
+                                           FREE_BLOCK(nsize);
 
                                return (void *)(ptr + HDRSIZE);
                        }