Fix large calloc() zeroing bugs. Refactor code such that arena_mapbits_{large,small}_set() always preserves the unzeroed flag, and manually manipulate the unzeroed flag in the one case where it actually gets reset (in arena_chunk_purge()). This fixes unzeroed preservation bugs in arena_run_split() and arena_ralloc_large_grow(). These bugs caused large calloc() to return non-zeroed memory under some circumstances.

commit: d8ceef6c5558fdab8f9448376ae065a9e5ffcbdd [log] [tgz]
author: Jason Evans <jasone@canonware.com> Thu May 10 20:59:39 2012 -0700
committer: Jason Evans <jasone@canonware.com> Thu May 10 21:49:43 2012 -0700
tree: e00e21b3cd41a4f7e3078a2c9b4c3e29183f363b
parent: 30fe12b866edbc2cf9aaef299063b392ea125aac [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 691630b..0a2b2ca 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -71,6 +71,7 @@
     write-after-free memory corruption.
   - Fix a potential deadlock that could occur during interval- and
     growth-triggered heap profile dumps.
+  - Fix large calloc() zeroing bugs due to dropping chunk map unzeroed flags.
   - Fix chunk_alloc_dss() to stop claiming memory is zeroed.  This bug could
     cause memory corruption and crashes with --enable-dss specified.
   - Fix fork-related bugs that could cause deadlock in children between fork
commit	d8ceef6c5558fdab8f9448376ae065a9e5ffcbdd	[log] [tgz]
author	Jason Evans <jasone@canonware.com>	Thu May 10 20:59:39 2012 -0700
committer	Jason Evans <jasone@canonware.com>	Thu May 10 21:49:43 2012 -0700
tree	e00e21b3cd41a4f7e3078a2c9b4c3e29183f363b
parent	30fe12b866edbc2cf9aaef299063b392ea125aac [diff] [blame]