malloc: Use _int_free_chunk in tcache_thread_shutdown

Directly call _int_free_chunk during tcache shutdown to avoid recursion.
Calling __libc_free on a block from tcache gets flagged as a double free,
and tcache_double_free_verify checks every tcache chunk (quadratic
overhead).

Reviewed-by: Arjun Shankar <arjun@redhat.com>

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 975a0054130448a016b08da87e32cb66ff513115..bd92d5c3965c3cd6521b35ecfa9cea7dfcb5ce17 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3377,6 +3377,7 @@ static void
 tcache_thread_shutdown (void)
 {
   int i;
+  mchunkptr p;
   tcache_perthread_struct *tcache_tmp = tcache;
   int need_free = tcache_enabled ();
 
@@ -3396,11 +3397,14 @@ tcache_thread_shutdown (void)
            malloc_printerr ("tcache_thread_shutdown(): "
                             "unaligned tcache chunk detected");
          tcache_tmp->entries[i] = REVEAL_PTR (e->next);
-         __libc_free (e);
+         e->key = 0;
+         p = mem2chunk (e);
+         _int_free_chunk (arena_for_chunk (p), p, chunksize (p), 0);
        }
     }
 
-  __libc_free (tcache_tmp);
+  p = mem2chunk (tcache_tmp);
+  _int_free_chunk (arena_for_chunk (p), p, chunksize (p), 0);
 }
 
 /* Initialize tcache.  In the rare case there isn't any memory available,