1 files changed, 14 insertions, 12 deletions
diff --git a/src/alloc.c b/src/alloc.c
index 143f5c76292..429cdb5246a 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -601,22 +601,24 @@ static char xmalloc_overrun_check_trailer[XMALLOC_OVERRUN_CHECK_SIZE] =
           ((unsigned)(ptr[-4]) << 24))
-/* The call depth in overrun_check  functions.  Realloc may call both malloc
+/* The call depth in overrun_check functions.  For example, this might happen:
-   and free.  If realloc calls malloc, this may happen:
+   xmalloc()
-   overrun_check_realloc()
+     overrun_check_malloc()
-      -> malloc -> (via hook)_-> emacs_blocked_malloc
+       -> malloc -> (via hook)_-> emacs_blocked_malloc
-         -> overrun_check_malloc
+          -> overrun_check_malloc
-            call malloc  (hooks are NULL, so real malloc is called).
+             call malloc  (hooks are NULL, so real malloc is called).
-            malloc returns 10000.
+             malloc returns 10000.
-            add overhead, return 10016.
+             add overhead, return 10016.
-      <- (back in overrun_check_realloc)
+      <- (back in overrun_check_malloc)
      add overhead again, return 10032
+   xmalloc returns 10032.
   (time passes).
-   overrun_check_free(10032)
+   xfree(10032)
-     decrease overhed
+     overrun_check_free(10032)
-     free(10016)  <-  crash, because 10000 is the original pointer.  */
+       decrease overhed
+       free(10016)  <-  crash, because 10000 is the original pointer.  */
 static int check_depth;

diff --git a/src/alloc.c b/src/alloc.c index 143f5c76292..429cdb5246a 100644 --- a/src/alloc.c +++ b/src/alloc.c
@@ -601,22 +601,24 @@ static char xmalloc_overrun_check_trailer[XMALLOC_OVERRUN_CHECK_SIZE] =
601	((unsigned)(ptr[-4]) << 24))	601	((unsigned)(ptr[-4]) << 24))
602		602
603		603
604	/* The call depth in overrun_check functions. Realloc may call both malloc	604	/* The call depth in overrun_check functions. For example, this might happen:
605	and free. If realloc calls malloc, this may happen:	605	xmalloc()
606	overrun_check_realloc()	606	overrun_check_malloc()
607	-> malloc -> (via hook)_-> emacs_blocked_malloc	607	-> malloc -> (via hook)_-> emacs_blocked_malloc
608	-> overrun_check_malloc	608	-> overrun_check_malloc
609	call malloc (hooks are NULL, so real malloc is called).	609	call malloc (hooks are NULL, so real malloc is called).
610	malloc returns 10000.	610	malloc returns 10000.
611	add overhead, return 10016.	611	add overhead, return 10016.
612	<- (back in overrun_check_realloc)	612	<- (back in overrun_check_malloc)
613	add overhead again, return 10032	613	add overhead again, return 10032
		614	xmalloc returns 10032.
614		615
615	(time passes).	616	(time passes).
616		617
617	overrun_check_free(10032)	618	xfree(10032)
618	decrease overhed	619	overrun_check_free(10032)
619	free(10016) <- crash, because 10000 is the original pointer. */	620	decrease overhed
		621	free(10016) <- crash, because 10000 is the original pointer. */
620		622
621	static int check_depth;	623	static int check_depth;
622		624