From dcd15098a8adfa6e44d7d1d041df968fb5fe9d82 Mon Sep 17 00:00:00 2001
From: Jason Evans
Date: Thu, 5 Aug 2010 12:13:42 -0700
Subject: Move assert() calls up in arena_run_reg_alloc().

Move assert() calls up in arena_run_reg_alloc(), so that a corrupt pointer will likely be caught by an assertion *before* it is dereferenced.
---
 jemalloc/src/arena.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jemalloc/src/arena.c b/jemalloc/src/arena.c
index e414226..ee859fc 100644
--- a/jemalloc/src/arena.c
+++ b/jemalloc/src/arena.c
@@ -254,7 +254,6 @@ arena_run_reg_alloc(arena_run_t *run, arena_bin_t *bin)
 run->nfree--;
 ret = run->avail;
 if (ret != NULL) {
- run->avail = *(void **)ret;
 /* Double free can cause assertion failure.*/
 assert(ret != NULL);
 /* Write-after free can cause assertion failure. */
@@ -264,6 +263,7 @@ arena_run_reg_alloc(arena_run_t *run, arena_bin_t *bin)
 assert(((uintptr_t)ret - ((uintptr_t)run +
 (uintptr_t)bin->reg0_offset)) % (uintptr_t)bin->reg_size ==
 0);
+ run->avail = *(void **)ret;
 return (ret);
 }
 ret = run->next;
-- 
cgit v0.12
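Review bot: In the first hunk, `assert(ret != NULL);` now sits directly under `if (ret != NULL) {`, so it can never fail, and the comment "Double free can cause assertion failure." describes a check that cannot fire at this point. Either drop the two lines or replace them with a comment that says what the following checks do, for example `/* ret is non-NULL here; the asserts below validate it against the run before it is dereferenced. */`. A tautological assert next to a corruption-detection comment gives a false impression of coverage to anyone auditing this path. The body of arena_run_reg_alloc() starts and ends outside the hunk.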
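Review bot: The moved `run->avail = *(void **)ret;` in the second hunk is guarded by the range and alignment checks only in builds where assert() is compiled in. If this project's assert() is disabled in release builds (as the standard one is under NDEBUG; the definition is not visible here), a corrupted `run->avail` is still dereferenced unchecked in production, so this is a debug diagnostic rather than a hardening measure. I would say so at the moved line and pin the ordering with a comment such as `/* Read the next free pointer only after ret has passed the checks above; these are debug-build assertions. */`, so that a later cleanup does not hoist the load back up. The first of the preceding asserts lies between the two hunks and is not shown, so I am inferring its content from the commit message.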