This fault was detected whilst working with the seL4 microkernel, which uses an old fork of musl libc (see
https://github.com/seL4/musllibc/issues/17). Whilst the implementation of aligned_alloc has changed between
the seL4 fork and mainline musl libc, the same underlying fault still appears to be present in the oldmalloc
branch of mainline musl libc.
Proposed fix:
1. A minimum size limit on the 'len' parameter of aligned_alloc must be enforced to ensure that the resulting chunk returned by aligned_alloc meets the minimum chunk length limit, i.e. adjust the input 'len' value to be no less than SIZE_ALIGN.
2. aligned_alloc must not call '__bin_chunk' in the case where new-mem < SIZE_ALIGN. In such a case, rather than effectively freeing this small chunk (which is below the minimum length limit and therefore leads to corruption of the bookkeeping),
the memory should be added to the end of the preceding chunk.
Thanks for your help,
Stephen
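Added example (not part of the message above, and not musl or seL4 code): a stress test for the path the proposal changes, small 'len' values (below and at the minimum chunk size) against alignments above it. It assumes SIZE_ALIGN is 4*sizeof(size_t), as in musl's oldmalloc; it allocates through posix_memalign rather than aligned_alloc because C11 leaves aligned_alloc undefined when len is not a multiple of align, while musl's posix_memalign is a thin wrapper over aligned_alloc, so on musl the same code path is exercised. Corrupted bookkeeping shows up here as a misaligned pointer, an overlap with a live block, or a clobbered fill pattern; a damaged free list may instead fault inside free, which is still a detection.

```c
/* Example code written for this page; it assumes musl oldmalloc's
 * SIZE_ALIGN = 4*sizeof(size_t) and tests whatever allocator is linked in. */
#define _POSIX_C_SOURCE 200112L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE_ALIGN (4*sizeof(size_t))   /* assumed minimum chunk size */

struct rec { unsigned char *p; size_t len; unsigned char pat; };

/* True if [p, p+len) intersects the live block r. */
static int overlaps(const struct rec *r, const unsigned char *p, size_t len)
{
    uintptr_t a0 = (uintptr_t)r->p, a1 = a0 + r->len;
    uintptr_t b0 = (uintptr_t)p,    b1 = b0 + len;
    return b0 < a1 && a0 < b1;
}

/* 1 if the block's fill pattern was disturbed while it was live. */
static int pattern_damaged(const struct rec *r)
{
    for (size_t i = 0; i < r->len; i++)
        if (r->p[i] != r->pat) return 1;
    return 0;
}

/* Allocates every len in 1..SIZE_ALIGN at every power-of-two alignment from
 * 2*SIZE_ALIGN to 4096, interleaving frees so that split-off prefixes are
 * recycled while their neighbours are live. Returns the number of failures
 * (misalignment, overlap, clobbered pattern, failed allocation); 0 is clean. */
int aligned_alloc_small_len_stress(void)
{
    enum { MAX_LIVE = 128 };
    struct rec live[MAX_LIVE];
    size_t nlive = 0;
    int failures = 0;
    unsigned char pat = 1;                /* never 0: fresh memory is often zero */

    for (size_t align = 2*SIZE_ALIGN; align <= 4096; align *= 2) {
        for (size_t len = 1; len <= SIZE_ALIGN; len++) {
            void *mem;
            if (posix_memalign(&mem, align, len) != 0) { failures++; continue; }
            unsigned char *p = mem;

            if ((uintptr_t)p % align) failures++;
            for (size_t i = 0; i < nlive; i++)
                if (overlaps(&live[i], p, len)) failures++;

            memset(p, pat, len);
            live[nlive++] = (struct rec){ p, len, pat };
            pat = (pat == 0xff) ? 1 : (unsigned char)(pat + 1);

            /* Table full: verify every live block, free every second one. */
            if (nlive == MAX_LIVE) {
                size_t kept = 0;
                for (size_t i = 0; i < nlive; i++) {
                    failures += pattern_damaged(&live[i]);
                    if (i & 1) free(live[i].p);
                    else live[kept++] = live[i];
                }
                nlive = kept;
            }
        }
    }
    for (size_t i = 0; i < nlive; i++) {
        failures += pattern_damaged(&live[i]);
        free(live[i].p);
    }
    return failures;
}

int main(void)
{
    int f = aligned_alloc_small_len_stress();
    printf("aligned_alloc small-len stress: %d failure(s)\n", f);
    return f != 0;
}
```

Run it linked against the allocator under suspicion (on seL4, against the fork's libc); a non-zero exit or a crash in free on this input is the signal the proposal above is meant to remove.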