Closed Bug 1295688 Opened 8 years ago Closed 8 years ago

InfallibleAllocPolicy should crash on overflow

Categories

(Core :: Memory Allocator, defect)

Product:
Core
Component:
Memory Allocator
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox51 --- fixed

People

(Reporter: mccr8, Assigned: mccr8)

Details

Attachments

(1 file)

Bug 1295688 - InfallibleAllocPolicy should crash on overflow.
58 bytes, text/x-review-board-request
glandium
: review+
Details 
Code that uses InfallibleAllocPolicy presumably wants for operations to always succeed. However, Vector and HashTable can end up detecting that growing the data structure more will fail due to integer overflow, and then will call reportAllocOverflow() and fail. I think these should crash. It could also do an OOM crash with the max value of size_t, but maybe that's too cute.
Equally alarming: InfallibleAllocPolicy::pod_{m,re}alloc will return nullptr if the size computation overflows!

FWIW, DMD's own InfallibleAllocPolicy *does* crash in pod_{m,re}alloc and reportAllocOverflow().
(In reply to Nicholas Nethercote [:njn] from comment #1)
> Equally alarming: InfallibleAllocPolicy::pod_{m,re}alloc will return nullptr
> if the size computation overflows!

Oh, good point! I even looked at that code but I failed to connect the dots. I'll fix that, too.
Summary: InfallibleAllocPolicy::reportAllocOverflow should crash → InfallibleAllocPolicy should crash on overflow
Comment on attachment 8782680 [details]
Bug 1295688 - InfallibleAllocPolicy should crash on overflow.

https://reviewboard.mozilla.org/r/72740/#review71314

::: memory/mozalloc/mozalloc.h:30
(Diff revision 1)
>  #  include <string.h>
>  #endif
>  
>  #if defined(__cplusplus)
>  #include "mozilla/fallible.h"
> +#include "mozilla/mozalloc_abort.h"

Can you tell what kind of circular #includes you're avoiding? This file is already including things from MFBT, how does adding Assertions.h to the list make things worse?

::: memory/mozalloc/mozalloc.h:296
(Diff revision 1)
>  public:
>      template <typename T>
>      T* pod_malloc(size_t aNumElems)
>      {
>          if (aNumElems & mozilla::tl::MulOverflowMask<sizeof(T)>::value) {
> -            return nullptr;
> +            mozalloc_abort("overflow in pod_malloc");

Is there value having a separate message here? Why not simply call reportAllocOverflow?
Comment on attachment 8782680 [details]
Bug 1295688 - InfallibleAllocPolicy should crash on overflow.

https://reviewboard.mozilla.org/r/72740/#review71316
Attachment #8782680 - Flags: review?(mh+mozilla) → review+
(In reply to Mike Hommey [:glandium] from comment #5)
> Can you tell what kind of circular #includes you're avoiding? This file is
> already including things from MFBT, how does adding Assertions.h to the list
> make things worse?

I get errors like this in other files when I include Assertions.h and use MOZ_CRASH in mozalloc.h:

[...]
In file included from [...]/dist/include/mozilla/Assertions.h:22:
In file included from [...]/dist/include/nsTraceRefcnt.h:10:
In file included from [...]/dist/include/nscore.h:20:
[...]dist/include/mozilla/mozalloc.h:324:9: error: use of undeclared identifier 'MOZ_CRASH'

Assertions.h uses nsTraceRefcnt::WalkTheStack().

> Is there value having a separate message here? Why not simply call reportAllocOverflow?

That's a good point, I'll do that.
Pushed by amccreight@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c4d874b35d35
InfallibleAllocPolicy should crash on overflow. r=glandium
https://hg.mozilla.org/mozilla-central/rev/c4d874b35d35
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox51: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: