runtime: fix system memory allocator on plan9

The following line in sysFree:
n += (n + memRound) &^ memRound
doubles value of n (n += n).
Which is wrong and can lead to memory corruption.

Fixes #9712

Change-Id: I3c141b71da11e38837c09408cf4f1d22e8f7f36e
Reviewed-on: https://go-review.googlesource.com/3602
Reviewed-by: David du Colombier <0intro@gmail.com>

1 files changed, 8 insertions, 5 deletions

diff --git a/src/runtime/mem_plan9.go b/src/runtime/mem_plan9.go
index a5d7c1a4cf..477a52700e 100644
--- a/src/runtime/mem_plan9.go
+++ b/src/runtime/mem_plan9.go
@@ -9,21 +9,24 @@ import "unsafe"
 var bloc uintptr
 var memlock mutex
 
-const memRound = _PAGESIZE - 1
+func memRound(p uintptr) uintptr {
+	return (p + _PAGESIZE - 1) &^ (_PAGESIZE - 1)
+}
 
 func initBloc() {
-	bloc = uintptr(unsafe.Pointer(&end))
+	bloc = memRound(uintptr(unsafe.Pointer(&end)))
 }
 
 func sbrk(n uintptr) unsafe.Pointer {
 	lock(&memlock)
 	// Plan 9 sbrk from /sys/src/libc/9sys/sbrk.c
-	bl := (bloc + memRound) &^ memRound
+	bl := bloc
+	n = memRound(n)
 	if brk_(unsafe.Pointer(bl+n)) < 0 {
 		unlock(&memlock)
 		return nil
 	}
-	bloc = bl + n
+	bloc += n
 	unlock(&memlock)
 	return unsafe.Pointer(bl)
 }
@@ -42,7 +45,7 @@ func sysFree(v unsafe.Pointer, n uintptr, stat *uint64) {
 	// from tiny/mem.c
 	// Push pointer back if this is a free
 	// of the most recent sysAlloc.
-	n += (n + memRound) &^ memRound
+	n = memRound(n)
 	if bloc == uintptr(v)+n {
 		bloc -= n
 	}