#15258 closed bug (fixed)
memory allocator does not handle out of memory correctly
Reported by: | X512 | Owned by: | nobody |
---|---|---|---|
Priority: | normal | Milestone: | R1/beta2 |
Component: | System/libroot.so | Version: | R1/Development |
Keywords: | | Cc: | |
Blocked By: | | Blocking: | #15320 |
Platform: | All | | |
Description
This is hrev53380 32bit gcc2hybrid.
The process crashes inside the internal code of the memory allocator when no memory is available. According to Debugger, "BPrivate::rpmalloc::_memory_span_set_new_active" is called with the "span" argument = NULL, and it is dereferenced in "assert(span->span_count == 1);", causing the crash.
Attachments (5)
Change History (11)
by , 5 years ago
Attachment: | MemAlloc.c added |
---|
comment:1 by , 5 years ago
It looks like an rpmalloc bug, not Haiku. I investigated the rpmalloc sources a bit and found that if virtual memory allocation fails, "_memory_heap_extract_new_span" in the "_memory_allocate_from_heap_fallback" function returns NULL, and the null span is passed to _memory_span_set_new_active, which does not support a null span and crashes with a null pointer dereference.
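The failure path described in comment:1, as an added example that is not part of the ticket and is not rpmalloc's or Haiku's code. It is a simplified model in which every name (`extract_new_span`, `set_new_active`, `model_alloc`, `spans_left`) is a hypothetical stand-in, and it shows one way to guard the fallback path so that an exhausted span source yields a NULL return instead of a null pointer dereference.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified model for illustration; not rpmalloc's real data structures. */
#define SPAN_SIZE 4096u
typedef struct span { unsigned span_count; size_t used; } span_t;
typedef struct heap { span_t *active; } heap_t;
static size_t spans_left; /* constructed budget standing in for available virtual memory */

/* Stand-in for span extraction: returns NULL once the budget is exhausted. */
static span_t *extract_new_span(void) {
    if (spans_left == 0) return NULL;
    span_t *s = calloc(1, SPAN_SIZE);
    if (s == NULL) return NULL;
    spans_left--;
    s->span_count = 1;
    s->used = sizeof(span_t);
    return s;
}

/* Stand-in for span activation: dereferences the span, so it must never see NULL. */
static void set_new_active(heap_t *h, span_t *s) {
    assert(s->span_count == 1);
    h->active = s;
}

/* Bump-allocate from the active span; fall back to a new span when it is full. */
static void *model_alloc(heap_t *h, size_t size) {
    if (size == 0 || size > SPAN_SIZE - sizeof(span_t)) return NULL; /* model limit */
    if (h->active == NULL || h->active->used + size > SPAN_SIZE) {
        span_t *s = extract_new_span();
        if (s == NULL) return NULL; /* the guard: report out-of-memory, do not activate */
        set_new_active(h, s);
    }
    void *p = (char *)h->active + h->active->used;
    h->active->used += size;
    return p;
}

/* Allocate until failure; returns the number of successes (spans are not freed here). */
static size_t alloc_until_failure(size_t budget, size_t size) {
    heap_t h = { NULL };
    size_t n = 0;
    spans_left = budget;
    while (model_alloc(&h, size) != NULL) n++;
    return n;
}

int main(void) { printf("%zu allocations before NULL\n", alloc_until_failure(2, 1024)); return 0; }
```

Removing the `if (s == NULL) return NULL;` line in `model_alloc` reproduces the shape of the reported crash in this model: the first allocation after the budget runs out reaches the `assert` with a NULL span.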
by , 5 years ago
Attachment: | 0001-fix-rpmalloc-crash-when-no-more-memory-large-alloc-s.patch added |
---|
patch for large allocations
comment:2 by , 5 years ago
I also found that if a lot of memory is allocated, rpmalloc crashes when freeing memory. The crash occurs in the "_memory_span_release_to_cache" function, at the "assert(heap_class->partial_span != span);" line.
comment:3 by , 5 years ago
Maybe it's better to move this issue over to https://github.com/mjansson/rpmalloc ?
comment:4 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in hrev53384 with a slightly different coding style, and submitted upstream as https://github.com/mjansson/rpmalloc/pull/115. Thanks!
comment:5 by , 5 years ago
Blocking: | 15320 added |
---|
comment:6 by , 5 years ago
Milestone: | Unscheduled → R1/beta2 |
---|
Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone
Test program