malloc: Avoid premature fallback to mmap [BZ #20284]

Before this change, the while loop in reused_arena which avoids
returning a corrupt arena would never execute its body if the selected
arena were not corrupt.  As a result, result == begin after the loop,
and the function returns NULL, triggering fallback to mmap.

(cherry picked from commit a3b473373ee43a292f5ec68a7fda6b9cfb26a9b0)

2 files changed, 10 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index 178aab2bbc..39a262af52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-06-21  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #20284]
+	* malloc/arena.c (reused_arena): Do not return NULL if we start
+	out with a non-corrupted arena.
+
 2016-08-15  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #20435]
diff --git a/malloc/arena.c b/malloc/arena.c
index 0e5cc0f54d..232b6a2960 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -795,14 +795,12 @@ reused_arena (mstate avoid_arena)
     {
       result = result->next;
       if (result == begin)
-	break;
+	/* We looped around the arena list.  We could not find any
+	   arena that was either not corrupted or not the one we
+	   wanted to avoid.  */
+	return NULL;
     }
 
-  /* We could not find any arena that was either not corrupted or not the one
-     we wanted to avoid.  */
-  if (result == begin || result == avoid_arena)
-    return NULL;
-
   /* No arena available without contention.  Wait for the next in line.  */
   LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
   (void) mutex_lock (&result->mutex);