the problem with curalloc was the following:

poolallocl() allocates, trims, and then adds the resulting
block size to curalloc. and poolfreel() subtracts the blocksize
from curalloc. so far so good. problem is when we try to merge
arenas, the last block in the bottom arena is extended up to
the start of the top arena to encompass the space between,
and then it is trimmed back to its old *data* size. depending
on the size of the gap, the free data might be accounted for in the
Btail datasize or it might get its own free block if it is
big enough. in the first case, the block size would've been
increased (we got some extra space at the end) but this was not
accounted for in curalloc. so poolfreel() will subtract a bigger
value than was added to curalloc, hence the underflow.

the fix is to account for the changed block size in curalloc when
merging arenas.

curalloc is also not properly maintained in poolallocalign(),
but that's not in the testcase.

--
cinap
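A toy model of the accounting bug described in the message, added here as an illustration; it is not Plan 9's pool.c, and the block layout, the Overhead and Minfree sizes and the gap values are constructed. It shows curalloc going consistent or wrapping depending on whether the arena merge reports the grown block size.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { size_t bsize, dsize; } Block;	/* bsize: whole block; dsize: caller's data */
typedef struct { size_t curalloc; } Pool;	/* invariant: sum of bsize of allocated blocks */

enum { Overhead = 16, Minfree = 32 };	/* constructed sizes, not pool.c's */

/* poolallocl(): size the block and charge its bsize to curalloc */
static void allocblock(Pool *p, Block *b, size_t dsize)
{
	b->dsize = dsize;
	b->bsize = dsize + Overhead;
	p->curalloc += b->bsize;
}

/* poolfreel(): credit back the block's *current* bsize */
static void freeblock(Pool *p, Block *b)
{
	p->curalloc -= b->bsize;
}

/*
 * merging arenas: the last block of the bottom arena is extended by gap
 * bytes up to the top arena, then trimmed back to its dsize. a gap too
 * small for its own free block stays in this block's tail, so bsize grows.
 * with fixup == 0 curalloc is not told about the growth (the bug).
 */
static void mergearenas(Pool *p, Block *last, size_t gap, int fixup)
{
	size_t old = last->bsize;

	if(gap < Minfree)
		last->bsize += gap;	/* swallowed into the Btail slack */
	if(fixup)
		p->curalloc += last->bsize - old;	/* the fix */
}

/* alloc one block, merge across a gap, free it; 0 means curalloc stayed consistent */
size_t scenario(size_t gap, int fixup)
{
	Pool p = {0};
	Block b;

	allocblock(&p, &b, 100);
	mergearenas(&p, &b, gap, fixup);
	freeblock(&p, &b);
	return p.curalloc;
}

int main(void)
{
	printf("buggy: %zu fixed: %zu\n", scenario(8, 0), scenario(8, 1));
	return 0;
}
```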
