commit b28a423827a1c7917c6f3f3eba23b9432077dfbd
Author: florian <florian@a5019735-40e9-0310-863c-91ae7b9d1cf9>
Date:   Sat Jan 16 21:44:31 2016 +0000

    In ML_(am_allocate_segname) do not set the reference count of the
    slot to 1. Rather do that in add_segment which is where the segment
    refering to that name actually comes into existence.
    Properly handle the case in add_segment where the to-be-added segment
    and one (or more) of the segments it replaces have the same name
    This may occur when doing a mremap.
    
    
    git-svn-id: svn://svn.valgrind.org/valgrind/trunk@15761 a5019735-40e9-0310-863c-91ae7b9d1cf9

diff --git a/coregrind/m_aspacemgr/aspacemgr-linux.c b/coregrind/m_aspacemgr/aspacemgr-linux.c
index 0a8f675..f6c1a41 100644
--- a/coregrind/m_aspacemgr/aspacemgr-linux.c
+++ b/coregrind/m_aspacemgr/aspacemgr-linux.c
@@ -1445,6 +1445,15 @@ static void add_segment ( const NSegment* seg )
 
    split_nsegments_lo_and_hi( sStart, sEnd, &iLo, &iHi );
 
+   /* Increase the reference count of SEG's name. We need to do this
+      *before* decreasing the reference count of the names of the replaced
+      segments. Consider the case where the segment name of SEG and one of
+      the replaced segments are the same. If the refcount of that name is 1,
+      then decrementing first would put the slot for that name on the free
+      list. Attempting to increment the refcount later would then fail
+      because the slot is no longer allocated. */
+   ML_(am_inc_refcount)(seg->fnIdx);
+
    /* Now iLo .. iHi inclusive is the range of segment indices which
       seg will replace.  If we're replacing more than one segment,
       slide those above the range down to fill the hole. Before doing
diff --git a/coregrind/m_aspacemgr/aspacemgr-segnames.c b/coregrind/m_aspacemgr/aspacemgr-segnames.c
index ef3d3ef..8e74356 100644
--- a/coregrind/m_aspacemgr/aspacemgr-segnames.c
+++ b/coregrind/m_aspacemgr/aspacemgr-segnames.c
@@ -309,7 +309,7 @@ ML_(am_allocate_segname)(const HChar *name)
             freeslot_chain = next_freeslot;
          else
             put_slotindex(prev, next_freeslot);
-         put_refcount(ix, 1);
+         put_refcount(ix, 0);
          put_slotsize(ix, size);
          VG_(strcpy)(segnames + ix, name);
          ++num_segnames;
@@ -336,7 +336,7 @@ ML_(am_allocate_segname)(const HChar *name)
 
    /* copy it in */
    ix = segnames_used;
-   put_refcount(ix, 1);
+   put_refcount(ix, 0);
    put_slotsize(ix, len + 1);
    VG_(strcpy)(segnames + ix, name);
    segnames_used += need;