From 60022fbfba872422993caf6130ad4b92e74bb356 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 21 Jun 2016 21:29:21 +0200
Subject: [PATCH] malloc: Avoid premature fallback to mmap [BZ #20284]

Before this change, the while loop in reused_arena which avoids
returning a corrupt arena would never execute its body if the selected
arena were not corrupt.  As a result, result == begin after the loop,
and the function returns NULL, triggering fallback to mmap.

(cherry picked from commit a3b473373ee43a292f5ec68a7fda6b9cfb26a9b0)
---
 ChangeLog      |  6 ++++++
 malloc/arena.c | 10 ++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

#diff --git a/ChangeLog b/ChangeLog
#index c048c1a..618515e 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -1,3 +1,9 @@
#+2016-06-21  Florian Weimer  <fweimer@redhat.com>
#+
#+	[BZ #20284]
#+	* malloc/arena.c (reused_arena): Do not return NULL if we start
#+	out with a non-corrupted arena.
#+
# 2016-08-17  Florian Weimer  <fweimer@redhat.com>
# 
# 	[BZ #20452]
diff --git a/malloc/arena.c b/malloc/arena.c
index 7c52633..5350992 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -938,14 +938,12 @@ reused_arena (mstate avoid_arena)
     {
       result = result->next;
       if (result == begin)
-	break;
+	/* We looped around the arena list.  We could not find any
+	   arena that was either not corrupted or not the one we
+	   wanted to avoid.  */
+	return NULL;
     }
 
-  /* We could not find any arena that was either not corrupted or not the one
-     we wanted to avoid.  */
-  if (result == begin || result == avoid_arena)
-    return NULL;
-
   /* No arena available without contention.  Wait for the next in line.  */
   LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
   (void) mutex_lock (&result->mutex);
-- 
2.10.2