On Tue, Oct 20, 2020 at 11:33:36AM -0700, Jeremy Allison via samba-technical wrote:
> On Tue, Oct 20, 2020 at 01:03:14PM -0500, Arran Cudbard-Bell wrote:
> >
> > Then there's another issue with object_count ending
> > up off by one, which means talloc_free_children doesn't
> > actually return memory to the pool, and that messes up
> > some of the other tests I'm adding. Just tracking down
> > when and why this happens now.... It might have been a
> > pre-existing issue and not related to this patch, I'm just
> > seeing it because of using talloc_free_children to reset
> > the pool between some tests.
>
> Oh, I think that may be here:
>
> 1894 #if ALWAYS_REALLOC
> 1895 if (pool_hdr) {
> 1896 new_ptr = tc_alloc_pool(tc, size + TC_HDR_SIZE, 0);
> 1897 pool_hdr->object_count--;
> 1898
>
> We don't reset pool_hdr->object_count on early return
> in this codepath.
>
> Are you setting ALWAYS_REALLOC==1 in your tests ?
>
> Not sure if this should be:
>
> 1894 #if (ALWAYS_REALLOC != 0)
Ah no, it's not that (although that is a bug
in the ALWAYS_REALLOC==1 case).
The problem is in this section:
1951 if (pool_hdr) {
1952 struct talloc_chunk *pool_tc;
1953 void *next_tc = tc_next_chunk(tc);
1954 size_t old_chunk_size = TC_ALIGN16(TC_HDR_SIZE + tc->size);
1955 size_t new_chunk_size = TC_ALIGN16(TC_HDR_SIZE + size);
1956 size_t space_needed;
1957 size_t space_left;
1958 unsigned int chunk_count = pool_hdr->object_count;
1959
1960 pool_tc = talloc_chunk_from_pool(pool_hdr);
1961 if (!(pool_tc->flags & TALLOC_FLAG_FREE)) {
1962 chunk_count -= 1;
1963 }
we don't put chunk_count back into pool_hdr->object_count
after decrementing it. Still investigating...