From e3f278b30037cebc48960059f4eb59d5dd50201f Mon Sep 17 00:00:00 2001
From: Paul Khuong <pvk@pvk.ca>
Date: Sat, 2 Jul 2011 19:59:54 -0400
Subject: [PATCH] Fix an off-by-one in MAP-ALLOCATED-OBJECTS

 The bug would be extremely hard to tickle with current gencgc, but
 that's going to change soon.
---
 NEWS               |    2 ++
 src/code/room.lisp |    4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 42ccd76..1df6936 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,8 @@ changes relative to sbcl-1.0.49:
     functions with both optional and key argments.
   * bug fix: regalloc doesn't barf on unused TNs due to type-directed constant
     folding. (lp#729765)
+  * bug fix: Fixed an off-by-one in MAP-ALLOCATED-OBJECTS that might have caused
+    infinite loops.
 
 changes in sbcl-1.0.49 relative to sbcl-1.0.48:
   * minor incompatible change: WITH-LOCKED-HASH-TABLE no longer disables
diff --git a/src/code/room.lisp b/src/code/room.lisp
index ec6888e..2f3c02a 100644
--- a/src/code/room.lisp
+++ b/src/code/room.lisp
@@ -286,8 +286,8 @@
                                  ;; pointer is still below the allocation offset
                                  ;; of the page
                                  (when (and (not (zerop alloc-flag))
-                                            (<= (logand page-mask addr)
-                                                bytes-used))
+                                            (< (logand page-mask addr)
+                                               bytes-used))
                                    ;; Don't bother testing again until we
                                    ;; get past that allocation offset
                                    (setf skip-tests-until-addr
-- 
1.7.10.4