Closed
Bug 1295688
Opened 8 years ago
Closed 8 years ago
InfallibleAllocPolicy should crash on overflow
Categories
(Core :: Memory Allocator, defect)
Core
Memory Allocator
Tracking
()
RESOLVED
FIXED
mozilla51
Tracking | Status | |
---|---|---|
firefox51 | --- | fixed |
People
(Reporter: mccr8, Assigned: mccr8)
Details
Attachments
(1 file)
Code that uses InfallibleAllocPolicy presumably wants for operations to always succeed. However, Vector and HashTable can end up detecting that growing the data structure more will fail due to integer overflow, and then will call reportAllocOverflow() and fail. I think these should crash. It could also do an OOM crash with the max value of size_t, but maybe that's too cute.
Comment 1•8 years ago
|
||
Equally alarming: InfallibleAllocPolicy::pod_{m,re}alloc will return nullptr if the size computation overflows! FWIW, DMD's own InfallibleAllocPolicy *does* crash in pod_{m,re}alloc and reportAllocOverflow().
Assignee | ||
Comment 2•8 years ago
|
||
(In reply to Nicholas Nethercote [:njn] from comment #1) > Equally alarming: InfallibleAllocPolicy::pod_{m,re}alloc will return nullptr > if the size computation overflows! Oh, good point! I even looked at that code but I failed to connect the dots. I'll fix that, too.
Comment hidden (mozreview-request) |
Assignee | ||
Comment 4•8 years ago
|
||
try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=833e56932029
Assignee | ||
Updated•8 years ago
|
Summary: InfallibleAllocPolicy::reportAllocOverflow should crash → InfallibleAllocPolicy should crash on overflow
Comment 5•8 years ago
|
||
mozreview-review |
Comment on attachment 8782680 [details] Bug 1295688 - InfallibleAllocPolicy should crash on overflow. https://reviewboard.mozilla.org/r/72740/#review71314 ::: memory/mozalloc/mozalloc.h:30 (Diff revision 1) > # include <string.h> > #endif > > #if defined(__cplusplus) > #include "mozilla/fallible.h" > +#include "mozilla/mozalloc_abort.h" Can you tell what kind of circular #includes you're avoiding? This file is already including things from MFBT, how does adding Assertions.h to the list make things worse? ::: memory/mozalloc/mozalloc.h:296 (Diff revision 1) > public: > template <typename T> > T* pod_malloc(size_t aNumElems) > { > if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) { > - return nullptr; > + mozalloc_abort("overflow in pod_malloc"); Is there value having a separate message here? Why not simply call reportAllocOverflow?
Comment 6•8 years ago
|
||
mozreview-review |
Comment on attachment 8782680 [details] Bug 1295688 - InfallibleAllocPolicy should crash on overflow. https://reviewboard.mozilla.org/r/72740/#review71316
Attachment #8782680 -
Flags: review?(mh+mozilla) → review+
Assignee | ||
Comment 7•8 years ago
|
||
(In reply to Mike Hommey [:glandium] from comment #5) > Can you tell what kind of circular #includes you're avoiding? This file is > already including things from MFBT, how does adding Assertions.h to the list > make things worse? I get errors like this in other files when I include Assertions.h and use MOZ_CRASH in mozalloc.h: [...] In file included from [...]/dist/include/mozilla/Assertions.h:22: In file included from [...]/dist/include/nsTraceRefcnt.h:10: In file included from [...]/dist/include/nscore.h:20: [...]dist/include/mozilla/mozalloc.h:324:9: error: use of undeclared identifier 'MOZ_CRASH' Assertions.h uses nsTraceRefcnt::WalkTheStack(). > Is there value having a separate message here? Why not simply call reportAllocOverflow? That's a good point, I'll do that.
Comment hidden (mozreview-request) |
Pushed by amccreight@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c4d874b35d35 InfallibleAllocPolicy should crash on overflow. r=glandium
Comment 10•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/c4d874b35d35
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in
before you can comment on or make changes to this bug.
Description
•