Properly handle fencepost with MALLOC_ALIGN_MASK

Cherry-pick commit ced6f16ee919d12725840d43d007f1cfd67118df.

Conflicts:
	ChangeLog
	NEWS

3 files changed, 14 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 5e818a9f4c..967ab9b2b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-09-24  H.J. Lu  <hongjiu.lu@intel.com>
+
+	[BZ #14562]
+	* malloc/arena.c (heap_trim): Properly get fencepost and adjust
+	new chunk size with MALLOC_ALIGN_MASK.
+
 2012-08-29  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #14476]
diff --git a/NEWS b/NEWS
index ecb93507d4..4b10c01df1 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,7 @@ Version 2.16.1
 
 * The following bugs are resolved with this release:
 
-  14195, 14459, 14476
+  14195, 14459, 14476, 14562
 
 Version 2.16
 
diff --git a/malloc/arena.c b/malloc/arena.c
index 33c4ff37a7..71a0dee639 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -652,15 +652,19 @@ heap_trim(heap_info *heap, size_t pad)
   unsigned long pagesz = GLRO(dl_pagesize);
   mchunkptr top_chunk = top(ar_ptr), p, bck, fwd;
   heap_info *prev_heap;
-  long new_size, top_size, extra;
+  long new_size, top_size, extra, prev_size, misalign;
 
   /* Can this heap go away completely? */
   while(top_chunk == chunk_at_offset(heap, sizeof(*heap))) {
     prev_heap = heap->prev;
-    p = chunk_at_offset(prev_heap, prev_heap->size - (MINSIZE-2*SIZE_SZ));
+    prev_size = prev_heap->size - (MINSIZE-2*SIZE_SZ);
+    p = chunk_at_offset(prev_heap, prev_size);
+    /* fencepost must be properly aligned.  */
+    misalign = ((long) p) & MALLOC_ALIGN_MASK;
+    p = chunk_at_offset(prev_heap, prev_size - misalign);
     assert(p->size == (0|PREV_INUSE)); /* must be fencepost */
     p = prev_chunk(p);
-    new_size = chunksize(p) + (MINSIZE-2*SIZE_SZ);
+    new_size = chunksize(p) + (MINSIZE-2*SIZE_SZ) + misalign;
     assert(new_size>0 && new_size<(long)(2*MINSIZE));
     if(!prev_inuse(p))
       new_size += p->prev_size;