Index: glibc-2.12-2-gc4ccff1/malloc/arena.c

===================================================================

--- glibc-2.12-2-gc4ccff1.orig/malloc/arena.c

+++ glibc-2.12-2-gc4ccff1/malloc/arena.c

@@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si

     heap = prev_heap;

     if(!prev_inuse(p)) { /* consolidate backward */

       p = prev_chunk(p);

-      unlink(p, bck, fwd);

+      unlink(ar_ptr, p, bck, fwd);

     }

     assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);

     assert( ((char*)p + new_size) == ((char*)heap + heap->size) );

Index: glibc-2.12-2-gc4ccff1/malloc/hooks.c

===================================================================

--- glibc-2.12-2-gc4ccff1.orig/malloc/hooks.c

+++ glibc-2.12-2-gc4ccff1/malloc/hooks.c

@@ -219,7 +219,9 @@ top_check()

 	(char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))

     return 0;

+  mutex_unlock(&main_arena);

   malloc_printerr (check_action, "malloc: top chunk is corrupt", t);

+  mutex_lock(&main_arena);

   /* Try to set up a new top chunk. */

   brk = MORECORE(0);

Index: glibc-2.12-2-gc4ccff1/malloc/malloc.c

===================================================================

--- glibc-2.12-2-gc4ccff1.orig/malloc/malloc.c

+++ glibc-2.12-2-gc4ccff1/malloc/malloc.c

@@ -2109,12 +2109,14 @@ typedef struct malloc_chunk* mbinptr;

 #define last(b)      ((b)->bk)

 /* Take a chunk off a bin list */

-#define unlink(P, BK, FD) {                                            \

+#define unlink(AV, P, BK, FD) {					       \

   FD = P->fd;                                                          \

   BK = P->bk;                                                          \

-  if (__builtin_expect (FD->bk != P || BK->fd != P, 0))                \

+  if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) {	       \

+    mutex_unlock(&(AV)->mutex);					       \

     malloc_printerr (check_action, "corrupted double-linked list", P); \

-  else {                                                               \

+    mutex_lock(&(AV)->mutex);					       \

+  } else {							       \

     FD->bk = BK;                                                       \

     BK->fd = FD;                                                       \

     if (!in_smallbin_range (P->size)				       \

@@ -3257,7 +3259,9 @@ static Void_t* sYSMALLOc(nb, av) INTERNA

     else if (contiguous(av) && old_size && brk < old_end) {

       /* Oops!  Someone else killed our space..  Can't touch anything.  */

+      mutex_unlock(&av->mutex);

       malloc_printerr (3, "break adjusted to free malloc space", brk);

+      mutex_lock(&av->mutex);

     }

     /*

@@ -4305,7 +4309,9 @@ _int_malloc(mstate av, size_t bytes)

 	{

 	  errstr = "malloc(): memory corruption (fast)";

 	errout:

+	  mutex_unlock(&av->mutex);

 	  malloc_printerr (check_action, errstr, chunk2mem (victim));

+	  mutex_lock(&av->mutex);

 	  return NULL;

 	}

 #ifndef ATOMIC_FASTBINS

@@ -4393,8 +4399,12 @@ _int_malloc(mstate av, size_t bytes)

       bck = victim->bk;

       if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)

 	  || __builtin_expect (victim->size > av->system_mem, 0))

-	malloc_printerr (check_action, "malloc(): memory corruption",

-			 chunk2mem (victim));

+	{

+	  void *p = chunk2mem(victim);

+	  mutex_unlock(&av->mutex);

+	  malloc_printerr (check_action, "malloc(): memory corruption", p);

+	  mutex_lock(&av->mutex);

+	}

       size = chunksize(victim);

       /*

@@ -4535,7 +4545,7 @@ _int_malloc(mstate av, size_t bytes)

 	  victim = victim->fd;

 	remainder_size = size - nb;

-	unlink(victim, bck, fwd);

+	unlink(av, victim, bck, fwd);

 	/* Exhaust */

 	if (remainder_size < MINSIZE)  {

@@ -4633,7 +4643,7 @@ _int_malloc(mstate av, size_t bytes)

 	remainder_size = size - nb;

 	/* unlink */

-	unlink(victim, bck, fwd);

+	unlink(av, victim, bck, fwd);

 	/* Exhaust */

 	if (remainder_size < MINSIZE) {

@@ -4789,10 +4799,14 @@ _int_free(mstate av, mchunkptr p)

       errstr = "free(): invalid pointer";

     errout:

 #ifdef ATOMIC_FASTBINS

-      if (! have_lock && locked)

+      if (have_lock || locked)

 	(void)mutex_unlock(&av->mutex);

 #endif

       malloc_printerr (check_action, errstr, chunk2mem(p));

+#ifdef ATOMIC_FASTBINS

+      if (have_lock)

+	mutex_lock(&av->mutex);

+#endif

       return;

     }

   /* We know that each chunk is at least MINSIZE bytes in size.  */

@@ -4961,7 +4975,7 @@ _int_free(mstate av, mchunkptr p)

       prevsize = p->prev_size;

       size += prevsize;

       p = chunk_at_offset(p, -((long) prevsize));

-      unlink(p, bck, fwd);

+      unlink(av, p, bck, fwd);

     }

     if (nextchunk != av->top) {

@@ -4970,7 +4984,7 @@ _int_free(mstate av, mchunkptr p)

       /* consolidate forward */

       if (!nextinuse) {

-	unlink(nextchunk, bck, fwd);

+	unlink(av, nextchunk, bck, fwd);

 	size += nextsize;

       } else

 	clear_inuse_bit_at_offset(nextchunk, 0);

@@ -5158,7 +5172,7 @@ static void malloc_consolidate(av) mstat

 	    prevsize = p->prev_size;

 	    size += prevsize;

 	    p = chunk_at_offset(p, -((long) prevsize));

-	    unlink(p, bck, fwd);

+	    unlink(av, p, bck, fwd);

 	  }

 	  if (nextchunk != av->top) {

@@ -5166,7 +5180,7 @@ static void malloc_consolidate(av) mstat

 	    if (!nextinuse) {

 	      size += nextsize;

-	      unlink(nextchunk, bck, fwd);

+	      unlink(av, nextchunk, bck, fwd);

 	    } else

 	      clear_inuse_bit_at_offset(nextchunk, 0);

@@ -5235,7 +5249,9 @@ _int_realloc(mstate av, mchunkptr oldp, 

     {

       errstr = "realloc(): invalid old size";

     errout:

+      mutex_unlock(&av->mutex);

       malloc_printerr (check_action, errstr, chunk2mem(oldp));

+      mutex_lock(&av->mutex);

       return NULL;

     }

@@ -5282,7 +5298,7 @@ _int_realloc(mstate av, mchunkptr oldp, 

 	       (unsigned long)(newsize = oldsize + nextsize) >=

 	       (unsigned long)(nb)) {

 	newp = oldp;

-	unlink(next, bck, fwd);

+	unlink(av, next, bck, fwd);

       }

       /* allocate, copy, free */