talloc: talloc_set_memlimit causes all reallocs to fail when used on pools. talloc_set_memlimit not enforced correctly on pools.

Jeremy Allison jra at samba.org
Tue Oct 20 18:50:27 UTC 2020


On Tue, Oct 20, 2020 at 11:41:50AM -0700, Jeremy Allison via samba-technical wrote:
> 
> Ah no, it's not that (although that is a bug
> in the ALWAYS_REALLOC==1 case).
> 
> The problem is in this section:
> 
> 1951         if (pool_hdr) {
> 1952                 struct talloc_chunk *pool_tc;
> 1953                 void *next_tc = tc_next_chunk(tc);
> 1954                 size_t old_chunk_size = TC_ALIGN16(TC_HDR_SIZE + tc->size);
> 1955                 size_t new_chunk_size = TC_ALIGN16(TC_HDR_SIZE + size);
> 1956                 size_t space_needed;
> 1957                 size_t space_left;
> 1958                 unsigned int chunk_count = pool_hdr->object_count;
> 1959 
> 1960                 pool_tc = talloc_chunk_from_pool(pool_hdr);
> 1961                 if (!(pool_tc->flags & TALLOC_FLAG_FREE)) {
> 1962                         chunk_count -= 1;
> 1963                 }
> 
> we don't put chunk_count back into pool_hdr->object_count
> after decrementing it. Still investigating...

Oh, never mind. As we're re-allocating here we need
to leave the pool_hdr->object_count alone if we
can grow/shrink the area from the existing object,
so not updating chunk_count is correct.

All the other code paths (allocate new object
from pool and memcpy/malloc new object outside
pool and memcpy) take care of updating pool_hdr->object_count
correctly.

So I think the bug was only in your test code :-).
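The three realloc paths described in the message, as an added example that is not part of the original thread and not talloc's code: a small, self-contained model of a bump-allocated pool with a live-object counter. Names such as `pool_t`, `pool_alloc`, `pool_realloc` and `demo_counts` are invented for this illustration; the point it shows is that resizing the last chunk in place leaves `object_count` untouched, while the "new chunk plus memcpy" paths adjust the count through the normal allocate/free bookkeeping, so the count stays consistent with the number of live objects.

```c
/* Simplified model of a pool allocator with an object counter (added example,
 * not talloc's code). Mirrors the three realloc paths discussed above. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define POOL_SIZE 256
#define ALIGN16(x) (((x) + 15u) & ~(size_t)15u)

typedef struct chunk {
    size_t size;  /* payload size requested by the caller */
    int in_pool;  /* 1 if carved from the pool, 0 if from malloc */
} chunk_t;

#define HDR_SIZE ALIGN16(sizeof(chunk_t))

typedef struct pool {
    unsigned char buf[POOL_SIZE];
    size_t used;               /* bump-pointer offset into buf */
    unsigned int object_count; /* live chunks carved from the pool */
} pool_t;

static chunk_t *chunk_of(void *p) { return (chunk_t *)((unsigned char *)p - HDR_SIZE); }

/* Allocate from the pool when it fits, otherwise fall back to malloc. */
void *pool_alloc(pool_t *pool, size_t size) {
    size_t need = ALIGN16(HDR_SIZE + size);
    chunk_t *c;
    if (pool->used + need <= POOL_SIZE) {
        c = (chunk_t *)(pool->buf + pool->used);
        pool->used += need;
        pool->object_count += 1;       /* one more live object in the pool */
        c->in_pool = 1;
    } else {
        c = malloc(need);
        if (!c) return NULL;
        c->in_pool = 0;
    }
    c->size = size;
    return (unsigned char *)c + HDR_SIZE;
}

void pool_free(pool_t *pool, void *p) {
    chunk_t *c = chunk_of(p);
    if (c->in_pool) {
        pool->object_count -= 1;
        if (pool->object_count == 0) pool->used = 0; /* whole pool recycled */
    } else {
        free(c);
    }
}

void *pool_realloc(pool_t *pool, void *p, size_t new_size) {
    chunk_t *c = chunk_of(p);
    size_t old_need = ALIGN16(HDR_SIZE + c->size);
    size_t new_need = ALIGN16(HDR_SIZE + new_size);
    if (c->in_pool) {
        int is_last = ((unsigned char *)c + old_need == pool->buf + pool->used);
        /* Path 1: last chunk in the pool, grow/shrink in place. The object
         * neither appears nor disappears, so object_count is left alone. */
        if (is_last && pool->used - old_need + new_need <= POOL_SIZE) {
            pool->used = pool->used - old_need + new_need;
            c->size = new_size;
            return p;
        }
        /* Path 2/3: new chunk from the pool or from malloc, memcpy, release
         * the old chunk. pool_alloc/pool_free keep object_count correct. */
        void *np = pool_alloc(pool, new_size);
        if (!np) return NULL;
        memcpy(np, p, c->size < new_size ? c->size : new_size);
        pool_free(pool, p);
        return np;
    }
    chunk_t *nc = realloc(c, new_need);   /* plain heap chunk: no pool bookkeeping */
    if (!nc) return NULL;
    nc->size = new_size;
    return (unsigned char *)nc + HDR_SIZE;
}

/* Constructed scenario: records object_count after each step in out[0..3]
 * and returns the final count (0 once everything is freed). */
unsigned int demo_counts(unsigned int out[4]) {
    pool_t pool = {{0}, 0, 0};
    void *a = pool_alloc(&pool, 32);
    void *b = pool_alloc(&pool, 32);
    out[0] = pool.object_count;          /* two live objects */
    b = pool_realloc(&pool, b, 64);      /* last chunk: resized in place */
    out[1] = pool.object_count;
    a = pool_realloc(&pool, a, 48);      /* not last: new pool chunk + free old */
    out[2] = pool.object_count;
    a = pool_realloc(&pool, a, 200);     /* no room: malloc + free old pool chunk */
    out[3] = pool.object_count;
    pool_free(&pool, a);
    pool_free(&pool, b);
    return pool.object_count;
}

int main(void) {
    unsigned int out[4];
    unsigned int final = demo_counts(out);
    printf("counts: %u %u %u %u, final %u\n", out[0], out[1], out[2], out[3], final);
    return 0;
}
```

The in-place path is the one the message is about: since the chunk being resized is the same live object before and after, touching `object_count` there would desynchronise the counter from the number of live chunks and either leak the pool (never reset) or reset it while objects are still in use.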
