memory allocation crash with a simple Scilab script
Reported by Serge STEER
BUG DESCRIPTION:
----------------
Running the instructions below freezes Scilab with the following message in the calling shell:
mir2% ~/scilab-6.0.1/bin/scilab
scilab-bin: malloc.c:2392: sysmalloc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 *(sizeof(size_t))) - 1)) & ~((2 *(sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
ERROR LOG:
----------
HOW TO REPRODUCE THE BUG:
-------------------------
//execute the following instructions
nx=256;
tau=-127:127;nt=size(tau,"*");
N=30;
x=complex(rand(nx,1),rand(nx,1));
af=zeros(N,nt);
for i=1:nt,
taui=round(tau(i));
t=(1+abs(taui)):(nx-abs(taui));
mprintf("i=%d\n",i);
if i==14 then pause,end //crashes if one continues
af(t,i)=x(t+taui).* conj(x(t-taui));
end;
OTHER INFORMATION:
------------------
The problem arises only if x is complex and if af is undersized (N instead
of nx). The number of rows of af has been increased by the previous
iterations, but at i==14 the assignment af(t,i)=... causes the crash.
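
Added example, not part of the original report: a Python model of the reproducer's index arithmetic, showing how many rows each `af(t,i)=...` assignment forces `af` to grow to and checking that the reads from `x` stay in range. It does not run Scilab; the function and field names are hypothetical, and the only behaviour assumed is that an indexed assignment past the current row count enlarges the matrix.

```python
# Added illustration: models the index arithmetic of the reproducer only;
# it does not run Scilab. Function and field names are hypothetical.

def resize_trace(nx=256, N=30, tau=range(-127, 128)):
    """Return one record per loop iteration of the reproducer."""
    rows = N                                  # current row count of af
    trace = []
    for i, taui in enumerate(tau, start=1):
        a = abs(taui)
        first, last = 1 + a, nx - a           # t = (1+|taui|):(nx-|taui|)
        # Reads x(t+taui) and x(t-taui) together span first-a .. last+a.
        reads_ok = (1 <= first - a) and (last + a <= nx)
        grown = max(rows, last)               # assignment enlarges af if needed
        trace.append({"i": i, "taui": taui, "t": (first, last),
                      "rows_before": rows, "rows_after": grown,
                      "resized": grown > rows, "reads_ok": reads_ok})
        rows = grown
    return trace

def summary(trace):
    """Condense a trace into the figures a triager would compare."""
    resized = [r["i"] for r in trace if r["resized"]]
    return {"resizes": len(resized),
            "last_resize_at": resized[-1] if resized else None,
            "final_rows": trace[-1]["rows_after"],
            "reads_ok": all(r["reads_ok"] for r in trace)}

if __name__ == "__main__":
    # Iterations up to the one where the report pauses (i == 14).
    for r in resize_trace()[:14]:
        print(r["i"], r["t"], r["rows_before"], "->", r["rows_after"])
    print("N=30 :", summary(resize_trace()))
    print("N=256:", summary(resize_trace(N=256)))
```

With N=30 every iteration up to i=128 enlarges `af` by one row, while with N=nx no assignment resizes it, which matches the report that the crash needs an undersized `af`.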