--- ray/src/common/malloc.c	1991/10/08 16:00:06	1.16
+++ ray/src/common/malloc.c	1995/10/24 09:45:07	2.9
@@ -1,4 +1,4 @@
-/* Copyright (c) 1991 Regents of the University of California */
+/* Copyright (c) 1992 Regents of the University of California */
 
 #ifndef lint
 static char SCCSid[] = "$SunId$ LBL";
@@ -24,9 +24,15 @@ static char SCCSid[] = "$SunId$ LBL";
 
 #include  <errno.h>
 
+#ifndef  BSD
+#define  bcopy(s,d,n)		(void)memcpy(d,s,n)
+#define  bzero(d,n)		(void)memset(d,0,n)
+extern char  *memcpy(), *memset();
+#endif
+
 #ifdef MSTATS
 #include  <stdio.h>
-static unsigned b_nsbrked = 0;
+static unsigned	b_nsbrked = 0;
 static unsigned	b_nalloced = 0;
 static unsigned	b_nfreed = 0;
 static unsigned	b_nscrounged = 0;
@@ -65,8 +71,12 @@ static M_HEAD	*free_list[NBUCKETS];
 
 static ALIGN	dummy_mem;
 
+static char	*memlim[2];
+
 #define DUMMYLOC	((char *)&dummy_mem)
 
+#define BADPTR(p)	((p) < memlim[0] | (p) >= memlim[1])
+
 #ifdef  MCOMP			/* memory compaction routines */
 static char	seedtab[1024];		/* seed for compaction table */
 
@@ -150,7 +160,8 @@ unsigned	*np;
 
 	for ( ; ; ) {
 					/* compact free lists */
-		compactfree();
+		while (compactfree())
+			;
 					/* find largest block */
 		tab = mtab(&cptab); tablen = mtablen(&cptab);
 		big = tab;
@@ -163,7 +174,7 @@ unsigned	*np;
 			big->siz = 0;		/* remove from table */
 			return(big->ptr);	/* return it */
 		}
-		if (mtablen(big) < tablen+1) {
+		if (mtablen(big) <= tablen) {
 			*np = 0;		/* cannot grow table */
 			return(NULL);		/* report failure */
 		}
@@ -173,17 +184,10 @@ unsigned	*np;
 		cptab.ptr = big->ptr;
 		cptab.siz = big->siz;
 		big->siz = 0;			/* clear and copy */
-#ifdef BSD
 		bcopy((char *)tab, (char *)(mtab(&cptab)+1),
 				tablen*sizeof(struct mblk));
 		bzero((char *)(mtab(&cptab)+tablen+1),
 			(mtablen(&cptab)-tablen-1)*sizeof(struct mblk));
-#else
-		(void)memcpy((char *)(mtab(&cptab)+1), (char *)tab,
-				tablen*sizeof(struct mblk));
-		memset((char *)(mtab(&cptab)+tablen+1), 0,
-			(mtablen(&cptab)-tablen-1)*sizeof(struct mblk));
-#endif
 	}			/* next round */
 }
 #endif		/* MCOMP */
@@ -233,17 +237,22 @@ register unsigned  n;
 		pagesz = amnt = getpagesize();
 		nrem = (int)sbrk(0);			/* page align break */
 		nrem = pagesz - (nrem&(pagesz-1));
-		bpos = sbrk(nrem);			/* word aligned! */
+		bpos = sbrk(nrem);
 		if ((int)bpos == -1)
 			return(NULL);
 #ifdef MSTATS
 		b_nsbrked += nrem;
 #endif
+		bpos += nrem & (BYTES_WORD-1);		/* align pointer */
+		nrem &= ~(BYTES_WORD-1);
+		memlim[0] = bpos;
+		memlim[1] = bpos + nrem;
 	}
 
 	n = (n+(BYTES_WORD-1))&~(BYTES_WORD-1);		/* word align rqst. */
 
 	if (n > nrem) {					/* need more core */
+	tryagain:
 		if (n > amnt) {				/* big chunk */
 			thisamnt = (n+(pagesz-1))&~(pagesz-1);
 			if (thisamnt <= MAXINCR)	/* increase amnt */
@@ -252,10 +261,17 @@ register unsigned  n;
 			thisamnt = amnt;
 		p = sbrk(thisamnt);
 		if ((int)p == -1) {			/* uh-oh, ENOMEM */
-			thisamnt = n;			/* search free lists */
-			p = mscrounge(&thisamnt);
-			if (p == NULL)			/* we're really out */
+			errno = 0;			/* call cavalry */
+			if (thisamnt >= n+pagesz) {
+				amnt = pagesz;		/* minimize request */
+				goto tryagain;
+			}
+			thisamnt = n;
+			p = mscrounge(&thisamnt);	/* search free lists */
+			if (p == NULL) {		/* we're really out */
+				errno = ENOMEM;
 				return(NULL);
+			}
 		}
 #ifdef MSTATS
 		else b_nsbrked += thisamnt;
@@ -266,6 +282,10 @@ register unsigned  n;
 			nrem = thisamnt;
 		} else					/* otherwise tack on */
 			nrem += thisamnt;
+		if (bpos < memlim[0])
+			memlim[0] = bpos;
+		if (bpos + nrem > memlim[1])
+			memlim[1] = bpos + nrem;
 	}
 	p = bpos;
 	bpos += n;					/* advance */
@@ -295,6 +315,10 @@ register unsigned  n;
 		p += bsiz;
 		n -= bsiz;
 	}
+	if (p < memlim[0])
+		memlim[0] = p;
+	if (p + n > memlim[1])
+		memlim[1] = p + n;
 					/* fill big buckets first */
 	for (bucket = NBUCKETS-1, bsiz = 1<<(NBUCKETS-1);
 			bucket >= FIRSTBUCKET; bucket--, bsiz >>= 1)
@@ -311,7 +335,6 @@ char *
 malloc(n)			/* allocate n bytes of memory */
 unsigned	n;
 {
-	extern int  errno;
 	register M_HEAD	*mp;
 	register int	bucket;
 	register unsigned	bsiz;
@@ -353,20 +376,17 @@ unsigned	n;
 	char	*p;
 	register unsigned	on;
 					/* get old size */
-	if (op != NULL && op != DUMMYLOC && ((M_HEAD *)op-1)->a.magic == MAGIC)
+	if (op != DUMMYLOC && !BADPTR(op) &&
+			((M_HEAD *)op-1)->a.magic == MAGIC)
 		on = 1 << ((M_HEAD *)op-1)->a.bucket;
 	else
 		on = 0;
 	if (n <= on && (n > on>>1 || on == 1<<FIRSTBUCKET))
 		return(op);		/* same bucket */
 	if ((p = malloc(n)) == NULL)
-		return(NULL);
+		return(n<=on ? op : NULL);
 	if (on) {
-#ifdef  BSD
 		bcopy(op, p, n>on ? on : n);
-#else
-		(void)memcpy(p, op, n>on ? on : n);
-#endif
 		free(op);
 	}
 	return(p);
@@ -379,18 +399,25 @@ char	*p;
 	register M_HEAD	*mp;
 	register int	bucket;
 
-	if (p == NULL || p == DUMMYLOC)
+	if (p == DUMMYLOC)
 		return(1);
+	if (BADPTR(p))
+		goto invalid;
 	mp = (M_HEAD *)p - 1;
 	if (mp->a.magic != MAGIC)		/* sanity check */
-		return(0);
+		goto invalid;
 	bucket = mp->a.bucket;
+	if (bucket < FIRSTBUCKET | bucket >= NBUCKETS)
+		goto invalid;
 	mp->next = free_list[bucket];
 	free_list[bucket] = mp;
 #ifdef MSTATS
 	m_nfreed += (1 << bucket) + sizeof(M_HEAD);
 #endif
 	return(1);
+invalid:
+	errno = EINVAL;
+	return(0);
 }