Move slab info to the beginning of the chunk
Submitted by Behdad Esfahbod
Link to original bug (#563497)
Description
When the slab info is at the end (which it currently is), for chunk_size = 8 we get a perfect slicing into chunks, and so color == 0. This means that the first slice of the page has the same address as the page itself. This is a very unfortunate problem: glibc cannot detect if the user frees the slice using free() instead of g_slice_free(). Valgrind cannot detect it either (no matter what mode you run under, always-malloc or not). They will both see a double free or other artifacts much later.
According to Tim, section 3.2.2 of [Bonwick94], as referenced in gslice.c (http://citeseer.ist.psu.edu/bonwick94slab.html), gives the reason why the slab info was placed at the end of pages; quoting: "The freelist linkage resides at the end of the buffer, rather than the beginning, to facilitate debugging. This is driven by the empirical observation that the beginning of a data structure is typically more active than the end. If a buffer is modified after being freed, the problem is easier to diagnose if the heap structure (freelist linkage) is still intact."
I don't buy this at all. Other empirical observations suggest that most buffers are overrun at the end.
This was first discussed and then lost in the discussion in bug 335126.
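As an added worked example (not code from GLib's gslice.c and not from the bug reporter), the following C models both header placements and shows why chunk_size = 8 gives a perfect slicing with color == 0 and a first slice that aliases the page address when the header is at the end, and why the alias can never occur when the header is at the beginning. The 4 KiB page size, the SlabHeader struct, and the rule that all slack is spent as color in front of slice #0 are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-slab bookkeeping; GLib's real SlabInfo is laid out differently. */
typedef struct {
    void    *next_slab;
    unsigned n_free;
    unsigned first_free;
} SlabHeader;

typedef struct {
    size_t header_offset;  /* byte offset of the header within the page */
    size_t first_chunk;    /* byte offset of slice #0 within the page */
    size_t n_chunks;       /* how many slices fit */
    size_t padding;        /* slack left after slicing; 0 == "perfect slicing" */
} SlabLayout;

static size_t align_up(size_t v, size_t a) { return (v + a - 1) / a * a; }

/*
 * Compute where the header and the first slice land within one page.
 * Returns 1 if slice #0 has the same address as the page, 0 if not,
 * -1 if the page is too small. Assumption: the header is padded to a
 * multiple of chunk_size and the slack ("color") sits in front of
 * slice #0; real gslice cycles through several colors, but the aliasing
 * question only depends on whether any slack exists at all.
 */
int slab_layout(size_t page_size, size_t chunk_size, int header_at_end, SlabLayout *out)
{
    size_t hdr = align_up(sizeof(SlabHeader), chunk_size);
    if (chunk_size == 0 || page_size <= hdr)
        return -1;
    size_t usable  = page_size - hdr;
    size_t n       = usable / chunk_size;
    size_t padding = usable - n * chunk_size;
    size_t color   = padding;

    out->n_chunks = n;
    out->padding  = padding;
    if (header_at_end) {
        out->header_offset = page_size - hdr;
        out->first_chunk   = color;          /* 0 whenever slicing is perfect */
    } else {
        out->header_offset = 0;
        out->first_chunk   = hdr + color;    /* never 0: the header is in the way */
    }
    return out->first_chunk == 0;
}

int main(void)
{
    const size_t page_size = 4096;           /* assumption: 4 KiB pages */
    const size_t sizes[] = { 8, 24 };
    char *page = malloc(page_size);          /* stands in for a gslice page */
    if (!page)
        return 1;

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        for (int at_end = 1; at_end >= 0; at_end--) {
            SlabLayout l;
            int aliases = slab_layout(page_size, sizes[i], at_end, &l);
            char *slice0 = page + l.first_chunk;
            printf("chunk_size=%-3zu header at %-9s padding=%-2zu slice0=%p page=%p -> %s\n",
                   sizes[i], at_end ? "end" : "beginning", l.padding,
                   (void *)slice0, (void *)page,
                   aliases ? "slice0 is the page address"
                           : "slice0 is an interior pointer");
        }
    }
    free(page);
    return 0;
}
```

With the header at the end and chunk_size = 8, slice #0 sits at offset 0, so a stray free(slice0) is byte-for-byte the same call as freeing the page and neither glibc nor Valgrind has anything to flag until the later double free. With the header at the beginning, slice #0 is always at least one header past the page start, so the same mistake hands the allocator a pointer it never returned.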