Closed Bug 431743 Opened 13 years ago Closed 13 years ago

Upstream jemalloc fixes

Categories

(Core :: Memory Allocator, defect)

All
Linux
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: jasone, Assigned: jasone)

Details

Attachments

(1 file, 1 obsolete file)

malloc() uses unsigned integers to represent allocation size, but sbrk() uses a signed increment argument, thus limiting the maximum allocation size possible via sbrk().  Since sbrk() interprets a negative increment as a data storage segment (DSS) shrink, failing to detect this overflow case can cause crashes.
Assignee: jasone → nobody
Status: ASSIGNED → NEW
Component: OS Integration → jemalloc
Product: Firefox → Core
QA Contact: os.integration → jemalloc
Status: NEW → ASSIGNED
Assignee: nobody → jasone
Status: ASSIGNED → NEW
Attached patch: Avoid sbrk() overflow (obsolete)
Check for integer overflow before calling sbrk(2), since it uses a
signed increment argument, but the size is an unsigned integer.
Summary: Avoid sbrk() overflow → Upstream jemalloc fixes
This patch fixes three problems:

1) sbrk() overflow for huge allocations.
2) Deadlock for base (internal) allocations in OOM case.
3) Incorrect bitmap vector initialization for small allocation runs.
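The sbrk() overflow in problem 1 (the unsigned size silently converted to sbrk's signed increment, as described in the bug report above), shown as an added example that is not jemalloc's code or the attached patch: the unchecked call beside the checked one, driven against a constructed in-memory stand-in for the DSS (fake_dss, fake_sbrk, fake_break and fake_reset are assumed names) so it runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed stand-in for the data storage segment (DSS): a static arena
 * whose break moves the way sbrk(2) moves the real one, so a negative
 * increment shrinks the segment. Not part of jemalloc. */
static char fake_dss[4096];
static intptr_t fake_brk = 0;               /* offset of the current break */

static void *fake_sbrk(intptr_t increment)
{
    intptr_t newbrk = fake_brk + increment;
    if (newbrk < 0 || newbrk > (intptr_t)sizeof(fake_dss))
        return (void *)-1;                  /* sbrk(2)'s failure value */
    void *old = fake_dss + fake_brk;
    fake_brk = newbrk;
    return old;
}
intptr_t fake_break(void) { return fake_brk; }
void fake_reset(void) { fake_brk = 0; }

/* Buggy shape: the unsigned size goes straight into the signed increment.
 * Any size above INTPTR_MAX turns negative (SIZE_MAX becomes -1 on a
 * two's-complement target), so the call shrinks the DSS instead of failing. */
void *dss_alloc_unchecked(size_t size, void *(*brk_fn)(intptr_t))
{
    void *p = brk_fn((intptr_t)size);
    return p == (void *)-1 ? NULL : p;
}

/* Fixed shape: refuse any size that cannot be represented as a positive
 * increment before the signed call is ever made. */
void *dss_alloc_checked(size_t size, void *(*brk_fn)(intptr_t))
{
    if (size > (size_t)INTPTR_MAX)
        return NULL;                        /* would overflow the increment */
    void *p = brk_fn((intptr_t)size);
    return p == (void *)-1 ? NULL : p;
}

int main(void)
{
    dss_alloc_unchecked(64, fake_sbrk);         /* break moves to 64 */
    dss_alloc_unchecked(SIZE_MAX, fake_sbrk);   /* -1: break shrinks to 63 */
    printf("unchecked: break = %ld\n", (long)fake_break());
    fake_reset();
    printf("checked: %s\n", dss_alloc_checked(SIZE_MAX, fake_sbrk) ? "ok" : "refused");
    return 0;
}
```

The unchecked path returns a non-NULL pointer for the huge request while the break has actually moved backwards, which is the crash the bug describes; the checked path never reaches sbrk for such sizes.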
Attachment #319058 - Attachment is obsolete: true
Attachment #324469 - Flags: review?(benjamin)
Attachment #324469 - Flags: review?(benjamin) → review+
changeset:   15456:38972d94e631
user:        Jason Evans <jasone@canonware.com>
date:        Fri Jun 20 10:29:43 2008 -0700
summary:     Bug 431743: Upstream jemalloc fixes, r=benjamin
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED