From: Attilio Rao
Date: Thu, 10 Sep 2009 12:55:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-6@freebsd.org
Subject: svn commit: r197061 - stable/6/contrib/gdtoa

Author: attilio
Date: Thu Sep 10 12:55:09 2009
New Revision: 197061
URL: http://svn.freebsd.org/changeset/base/197061

Log:
  MFC r196916:
  Fix a list overrun.

  Sponsored by: Sandvine Incorporated

Modified:
  stable/6/contrib/gdtoa/gdtoaimp.h
  stable/6/contrib/gdtoa/misc.c

Modified: stable/6/contrib/gdtoa/gdtoaimp.h ============================================================================== --- stable/6/contrib/gdtoa/gdtoaimp.h Thu Sep 10 12:42:36 2009 (r197060) +++ stable/6/contrib/gdtoa/gdtoaimp.h Thu Sep 10 12:55:09 2009 (r197061) @@ -479,7 +479,7 @@ extern pthread_mutex_t __gdtoa_locks[2]; _pthread_mutex_unlock(&__gdtoa_locks[n]); \ } while(0) -#define Kmax 15 +#define Kmax 9 struct Bigint { Modified: stable/6/contrib/gdtoa/misc.c ============================================================================== --- stable/6/contrib/gdtoa/misc.c Thu Sep 10 12:42:36 2009 (r197060) +++ stable/6/contrib/gdtoa/misc.c Thu Sep 10 12:55:09 2009 (r197061) @@ -61,7 +61,9 @@ Balloc #endif ACQUIRE_DTOA_LOCK(0); - if ( (rv = freelist[k]) !=0) { + /* The k > Kmax case does not need ACQUIRE_DTOA_LOCK(0), */ + /* but this case seems very unlikely. */ + if (k <= Kmax && (rv = freelist[k]) !=0) { freelist[k] = rv->next; } else { 
@@ -71,7 +73,7 @@ Balloc #else len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1) /sizeof(double); - if (pmem_next - private_mem + len <= PRIVATE_mem) { + if (k <= Kmax && pmem_next - private_mem + len <= PRIVATE_mem) { rv = (Bigint*)pmem_next; pmem_next += len; } @@ -95,10 +97,14 @@ Bfree #endif { if (v) { - ACQUIRE_DTOA_LOCK(0); - v->next = freelist[v->k]; - freelist[v->k] = v; - FREE_DTOA_LOCK(0); + if (v->k > Kmax) + free((void*)v); + else { + ACQUIRE_DTOA_LOCK(0); + v->next = freelist[v->k]; + freelist[v->k] = v; + FREE_DTOA_LOCK(0); + } } }
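
Review bot: The new `#define Kmax 9` in the gdtoaimp.h hunk has no comment saying what the constant bounds, and the log message ("Fix a list overrun") does not explain why the value drops from 15 to 9. Since the misc.c hunks now use it as the cutoff between blocks indexed through `freelist[k]` and blocks released with `free()`, a one-line comment on the define stating that it is the largest k kept on the free list would stop a later edit from changing it without revisiting Balloc and Bfree.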
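
Review bot: In the first Balloc hunk (`@@ -61,7 +61,9 @@`) the added comment talks only about locking and never says that `k <= Kmax` is there to keep the `freelist[k]` read in bounds, which is the actual fix. I would reword the comment to state the bounds purpose first and the lock remark second. The test also bounds k from above only, so it is worth confirming that no caller can pass a negative k, because `freelist[k]` would still be read out of range in that case.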
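
Review bot: The `k <= Kmax &&` added to the `pmem_next - private_mem + len <= PRIVATE_mem` condition in the second Balloc hunk (`@@ -71,7 +73,7 @@`) is undocumented, and its reason is only visible by reading Bfree: blocks with `v->k > Kmax` are now passed to `free()`, so they must never be carved out of `private_mem`. Please add a comment at this condition saying so, since dropping the test later would make Bfree call `free()` on a pointer into the static pool.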
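
Review bot: In the Bfree hunk (`@@ -95,10 +97,14 @@`), `free((void*)v)` is correct only if every block with `k > Kmax` was obtained from an allocator that pairs with `free()`; the allocation call in Balloc's fallback path is outside the visible context, so please confirm it is plain malloc and not a replaceable wrapper. As a style point, the `if (v->k > Kmax)` arm is unbraced while the `else` arm is braced; bracing both would match the surrounding block and avoid a dangling-else mistake on a later edit.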