[U-Boot-Users] Bug in malloc()?
Timur Tabi
timur at freescale.com
Fri Oct 26 00:35:19 CEST 2007

I'm trying to get the very latest U-Boot running on an MPC8323E MDS, and U-Boot
hangs in the code to initialize the environment. Specifically, env_relocate()
calls malloc(), but malloc() never returns.

Before I try to debug the malloc() code, I was hoping someone would have a clue
as to what the problem is.

I put a bunch of printfs() in the malloc() code, as well as a sanity check:

    for (victim = last(bin); victim != bin; victim = victim->bk)
    {
      printf("%s:%u victim=%p\n", __FILE__, __LINE__, victim);
      victim_size = chunksize(victim);
      printf("%s:%u victim_size=%u nb=%u\n", __FILE__, __LINE__, victim_size, nb);
      if (victim_size > max_total_mem) {
        printf("%s:%u\n", __FILE__, __LINE__);
        return 0;
      }
      remainder_size = victim_size - nb;
      printf("%s:%u remainder_size=%u\n", __FILE__, __LINE__, remainder_size);

      if (remainder_size >= (long)MINSIZE) /* too big */
      {
        printf("%s:%u\n", __FILE__, __LINE__);
        --idx; /* adjust to rescan below after checking last remainder */
        break;
      }
      else if (remainder_size >= 0) /* exact fit */
      {
        printf("%s:%u\n", __FILE__, __LINE__);
        unlink(victim, bck, fwd);
        set_inuse_bit_at_offset(victim, victim_size);
        check_malloced_chunk(victim, nb);
        printf("%s:%u\n", __FILE__, __LINE__);
        return chunk2mem(victim);
      }
      printf("%s:%u\n", __FILE__, __LINE__);
    }

and I get this:

    dlmalloc.c:2153
    dlmalloc.c:2158
    dlmalloc.c:2192
    dlmalloc.c:2198 victim=fe02d138
    dlmalloc.c:2200 victim_size=4261597488 nb=8200
    dlmalloc.c:2202
    env_relocate[217] malloced ENV at 00000000

Look at the value of victim_size. This can't be right.

Without the "if (victim_size > max_total_mem)" sanity check, this code loops
indefinitely.

Can anyone tell me what's going on? I don't think there's a bug in malloc() per
se, but something has corrupted the heap. What could do that?
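
Editorial addition, not part of the original post and not U-Boot's dlmalloc.c: a stand-alone sketch of the kind of sanity check described above, extended to validate pointers, sizes and list links and to bound the walk so a corrupted bin cannot hang the caller. The types, `check_bin()` and `demo()` are hypothetical names, and the heap in `demo()` is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration with hypothetical names; only the fields the loop in the post touches. */
struct chunk { size_t prev_size, size; struct chunk *fd, *bk; };
struct arena { uintptr_t lo, hi; };            /* heap occupies [lo, hi) */
enum walk { WALK_OK, WALK_BAD_PTR, WALK_BAD_SIZE, WALK_BAD_LINK, WALK_TOO_LONG };
#define FLAG_BITS ((size_t)3)                  /* low size bits hold flags */

/* A pointer is followable if it is the bin header or a header inside the heap. */
static int followable(const struct arena *a, const struct chunk *bin,
                      const struct chunk *p)
{
    uintptr_t v = (uintptr_t)p;
    return p == bin || (v >= a->lo && v <= a->hi - sizeof(struct chunk));
}

/* Walk a bin from its tail via bk, validating each chunk before using it. */
enum walk check_bin(const struct arena *a, const struct chunk *bin, size_t cap)
{
    size_t n = 0;
    for (const struct chunk *v = bin->bk; v != bin; v = v->bk) {
        if (++n > cap)                 return WALK_TOO_LONG; /* bounded walk */
        if (!followable(a, bin, v))    return WALK_BAD_PTR;
        size_t sz = v->size & ~FLAG_BITS;
        if (sz < sizeof(struct chunk) || sz > a->hi - (uintptr_t)v)
            return WALK_BAD_SIZE;      /* chunk would run past the heap */
        if (!followable(a, bin, v->fd) || !followable(a, bin, v->bk))
            return WALK_BAD_PTR;
        if (v->fd->bk != v || v->bk->fd != v)
            return WALK_BAD_LINK;      /* neighbours disagree about v */
    }
    return WALK_OK;
}

/* Constructed input: a 3-chunk bin; mid_size/self_loop corrupt the middle chunk. */
enum walk demo(size_t mid_size, int self_loop, size_t cap)
{
    static struct chunk heap[4];
    struct chunk bin = { 0, 0, &heap[0], &heap[2] };
    struct chunk *ring[5] = { &bin, &heap[0], &heap[1], &heap[2], &bin };
    struct arena a = { (uintptr_t)heap, (uintptr_t)(heap + 4) };
    for (int i = 1; i <= 3; i++) {
        ring[i]->size = sizeof(struct chunk) | 1;
        ring[i]->bk = ring[i - 1]; ring[i]->fd = ring[i + 1];
    }
    heap[1].size = mid_size;
    if (self_loop) heap[1].bk = &heap[1];
    return check_bin(&a, &bin, cap);
}
```

Passing the `victim_size` value from the log above as `mid_size` makes the walk stop with `WALK_BAD_SIZE` instead of continuing into the size arithmetic.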