fix bug with accessing memory beyond TOTAL_MEMORY through sbrk

3 files changed, 16 insertions, 16 deletions

diff --git a/src/library.js b/src/library.js
index 2a4a5e7d..ba9ef0f8 100644
--- a/src/library.js
+++ b/src/library.js
@@ -2111,15 +2111,12 @@ LibraryManager.library = {
     // TODO: We could in theory slice off the top of the HEAP when
     //       sbrk gets a negative increment in |bytes|...
     var self = _sbrk;
-    if (!self.STATICTOP) {
-      STATICTOP = alignMemoryPage(STATICTOP);
-      self.STATICTOP = STATICTOP;
-      self.DATASIZE = 0;
-    } else {
-      assert(self.STATICTOP == STATICTOP, "No one should touch the heap!");
+    if (!self.called) {
+      STATICTOP = alignMemoryPage(STATICTOP); // make sure we start out aligned
+      self.called = true;
     }
-    var ret = STATICTOP + self.DATASIZE;
-    self.DATASIZE += alignMemoryPage(bytes);
+    var ret = STATICTOP;
+    if (bytes != 0) Runtime.staticAlloc(bytes);
     return ret;  // Previous break location.
   },
   open64: 'open',
diff --git a/src/preamble.js b/src/preamble.js
index cd9138d4..8a0f6eb6 100644
--- a/src/preamble.js
+++ b/src/preamble.js
@@ -23,6 +23,10 @@ var ACCEPTABLE_SAFE_HEAP_ERRORS = 0;
 
 function SAFE_HEAP_ACCESS(dest, type, store, ignore) {
   //if (dest === A_NUMBER) print ([dest, type, store] + ' ' + new Error().stack); // Something like this may be useful, in debugging
+
+  assert(dest < STATICTOP);
+  assert(STATICTOP <= TOTAL_MEMORY);
+
 #if USE_TYPED_ARRAYS == 2
   return; // It is legitimate to violate the load-store assumption in this case
 #endif
@@ -533,12 +537,11 @@ var HEAP8, HEAPU8, HEAP16, HEAPU16, HEAP32, HEAPU32, HEAPF32;
 var STACK_ROOT, STACKTOP, STACK_MAX;
 var STATICTOP;
 #if USE_TYPED_ARRAYS
-var LAST_STATICTOP;
 function enlargeMemory() {
-  // LAST_STATICTOP is the previous top, TOTAL_MEMORY is the current size of the actual array, and STATICTOP is the new top.
+  // TOTAL_MEMORY is the current size of the actual array, and STATICTOP is the new top.
 #if ASSERTIONS
   printErr('Warning: Enlarging memory arrays, this is not fast! ' + [STATICTOP, TOTAL_MEMORY]);
-  assert(STATICTOP >= TOTAL_MEMORY && LAST_STATICTOP < TOTAL_MEMORY);
+  assert(STATICTOP >= TOTAL_MEMORY);
   assert(TOTAL_MEMORY > 4); // So the loop below will not be infinite
 #endif
   while (TOTAL_MEMORY <= STATICTOP) { // Simple heuristic. Override enlargeMemory() if your program has something more optimal for it
@@ -610,6 +613,7 @@ var FAST_MEMORY = Module['FAST_MEMORY'] || {{{ FAST_MEMORY }}};
 
 var base = intArrayFromString('(null)'); // So printing %s of NULL gives '(null)'
                                          // Also this ensures we leave 0 as an invalid address, 'NULL'
+STATICTOP = base.length;
 for (var i = 0; i < base.length; i++) {
   {{{ makeSetValue(0, 'i', 'base[i]', 'i8') }}}
 }
diff --git a/src/runtime.js b/src/runtime.js
index 0b36f967..e1a6db39 100644
--- a/src/runtime.js
+++ b/src/runtime.js
@@ -10,7 +10,7 @@ var RuntimeGenerator = {
   alloc: function(size, type, init) {
     var ret = type + 'TOP';
     if (ASSERTIONS) {
-      ret += '; assert(' + size + ' > 0, "Trying to allocate 0")';
+      ret += '; assert(' + size + ' != 0, "Trying to allocate 0")';
     }
     if (init) {
       ret += '; _memset(' + type + 'TOP, 0, ' + size + ')';
@@ -54,11 +54,10 @@ var RuntimeGenerator = {
     return ret += 'STACKTOP = __stackBase__';
   },
 
-  // An allocation that cannot be free'd
+  // An allocation that cannot normally be free'd (except through sbrk, which once
+  // called, takes control of STATICTOP)
   staticAlloc: function(size) {
-    var ret = '';
-    if (USE_TYPED_ARRAYS) ret += 'LAST_STATICTOP = STATICTOP;'
-    ret += RuntimeGenerator.alloc(size, 'STATIC', INIT_HEAP);
+    var ret = RuntimeGenerator.alloc(size, 'STATIC', INIT_HEAP);
     if (USE_TYPED_ARRAYS) ret += '; if (STATICTOP >= TOTAL_MEMORY) enlargeMemory();'
     return ret;
   },