Merged in changes from CVS trunk.

Patches applied:

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-747
   Update from CVS

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-748
   Update from CVS

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-749
   Update from CVS

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-750
   Merge from gnus--rel--5.10

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-751
   Update from CVS

 * miles@gnu.org--gnu-2004/emacs--cvs-trunk--0--patch-752
   Update from CVS

 * miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-78
   Merge from emacs--cvs-trunk--0

 * miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-79
   Update from CVS

 * miles@gnu.org--gnu-2004/gnus--rel--5.10--patch-80
   Update from CVS

git-archimport-id: lorentey@elte.hu--2004/emacs--multi-tty--0--patch-278

1 files changed, 33 insertions, 4 deletions

diff --git a/src/alloc.c b/src/alloc.c
index 7a6a1344d6c..eabbf5192f4 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -602,6 +602,27 @@ static char xmalloc_overrun_check_trailer[XMALLOC_OVERRUN_CHECK_SIZE] =
 	   ((unsigned)(ptr[-4]) << 24))
 
 
+/* The call depth in overrun_check functions.  For example, this might happen:
+   xmalloc()
+     overrun_check_malloc()
+       -> malloc -> (via hook)_-> emacs_blocked_malloc
+          -> overrun_check_malloc
+             call malloc  (hooks are NULL, so real malloc is called).
+             malloc returns 10000.
+             add overhead, return 10016.
+      <- (back in overrun_check_malloc)
+      add overhead again, return 10032
+   xmalloc returns 10032.
+
+   (time passes).
+
+   xfree(10032)
+     overrun_check_free(10032)
+       decrease overhed
+       free(10016)  <-  crash, because 10000 is the original pointer.  */
+
+static int check_depth;
+
 /* Like malloc, but wraps allocated block with header and trailer.  */
 
 POINTER_TYPE *
@@ -609,15 +630,17 @@ overrun_check_malloc (size)
      size_t size;
 {
   register unsigned char *val;
+  size_t overhead = ++check_depth == 1 ? XMALLOC_OVERRUN_CHECK_SIZE*2 : 0;
 
-  val = (unsigned char *) malloc (size + XMALLOC_OVERRUN_CHECK_SIZE*2);
-  if (val)
+  val = (unsigned char *) malloc (size + overhead);
+  if (val && check_depth == 1)
     {
       bcopy (xmalloc_overrun_check_header, val, XMALLOC_OVERRUN_CHECK_SIZE - 4);
       val += XMALLOC_OVERRUN_CHECK_SIZE;
       XMALLOC_PUT_SIZE(val, size);
       bcopy (xmalloc_overrun_check_trailer, val + size, XMALLOC_OVERRUN_CHECK_SIZE);
     }
+  --check_depth;
   return (POINTER_TYPE *)val;
 }
 
@@ -631,8 +654,10 @@ overrun_check_realloc (block, size)
      size_t size;
 {
   register unsigned char *val = (unsigned char *)block;
+  size_t overhead = ++check_depth == 1 ? XMALLOC_OVERRUN_CHECK_SIZE*2 : 0;
 
   if (val
+      && check_depth == 1
       && bcmp (xmalloc_overrun_check_header,
 	       val - XMALLOC_OVERRUN_CHECK_SIZE,
 	       XMALLOC_OVERRUN_CHECK_SIZE - 4) == 0)
@@ -647,15 +672,16 @@ overrun_check_realloc (block, size)
       bzero (val, XMALLOC_OVERRUN_CHECK_SIZE);
     }
 
-  val = (unsigned char *) realloc ((POINTER_TYPE *)val, size + XMALLOC_OVERRUN_CHECK_SIZE*2);
+  val = (unsigned char *) realloc ((POINTER_TYPE *)val, size + overhead);
 
-  if (val)
+  if (val && check_depth == 1)
     {
       bcopy (xmalloc_overrun_check_header, val, XMALLOC_OVERRUN_CHECK_SIZE - 4);
       val += XMALLOC_OVERRUN_CHECK_SIZE;
       XMALLOC_PUT_SIZE(val, size);
       bcopy (xmalloc_overrun_check_trailer, val + size, XMALLOC_OVERRUN_CHECK_SIZE);
     }
+  --check_depth;
   return (POINTER_TYPE *)val;
 }
 
@@ -667,7 +693,9 @@ overrun_check_free (block)
 {
   unsigned char *val = (unsigned char *)block;
 
+  ++check_depth;
   if (val
+      && check_depth == 1
       && bcmp (xmalloc_overrun_check_header,
 	       val - XMALLOC_OVERRUN_CHECK_SIZE,
 	       XMALLOC_OVERRUN_CHECK_SIZE - 4) == 0)
@@ -683,6 +711,7 @@ overrun_check_free (block)
     }
 
   free (val);
+  --check_depth;
 }
 
 #undef malloc