talloc: talloc_set_memlimit causes all reallocs to fail when used on pools. talloc_set_memlimit not enforced correctly on pools.
Jeremy Allison
jra at samba.org
Tue Oct 20 18:50:27 UTC 2020
On Tue, Oct 20, 2020 at 11:41:50AM -0700, Jeremy Allison via samba-technical wrote:
>
> Ah no, it's not that (although that is a bug
> in the ALWAYS_REALLOC==1 case).
>
> The problem is in this section:
>
>     if (pool_hdr) {
>         struct talloc_chunk *pool_tc;
>         void *next_tc = tc_next_chunk(tc);
>         size_t old_chunk_size = TC_ALIGN16(TC_HDR_SIZE + tc->size);
>         size_t new_chunk_size = TC_ALIGN16(TC_HDR_SIZE + size);
>         size_t space_needed;
>         size_t space_left;
>         unsigned int chunk_count = pool_hdr->object_count;
>
>         pool_tc = talloc_chunk_from_pool(pool_hdr);
>         if (!(pool_tc->flags & TALLOC_FLAG_FREE)) {
>             chunk_count -= 1;
>         }
>
> we don't put chunk_count back into pool_hdr->object_count
> after decrementing it. Still investigating...
Oh, never mind. As we're re-allocating here we need
to leave the pool_hdr->object_count alone if we
can grow/shrink the area from the existing object,
so not updating chunk_count is correct.
All the other code paths (allocate new object
from pool and memcpy/malloc new object outside
pool and memcpy) take care of updating pool_hdr->object_count
correctly.
So I think the bug was only in your test code :-).
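The bookkeeping rule the thread arrives at (an in-place grow/shrink of a pool object must leave the pool's object count untouched, while the copy-to-new-object and move-out-of-pool paths must adjust it) is easy to get wrong when testing, so here is an added, self-contained C model of it. This is not talloc's code and not from the list; the pool, header and function names (toy_pool, toy_hdr, toy_alloc, toy_realloc, toy_free) are hypothetical, and the arena is a simple bump allocator rather than talloc's real pool layout.

```c
/* Added example: a deliberately simplified pool allocator that models the
 * object_count bookkeeping discussed in the mail. NOT talloc's code; all
 * names here are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define TOY_ALIGN16(x) (((x) + (size_t)15) & ~(size_t)15)

struct toy_hdr {
    size_t size;    /* usable bytes requested by the caller */
    int in_pool;    /* 1 if the chunk lives inside the pool arena */
};

struct toy_pool {
    char *base;
    size_t capacity;
    size_t used;                /* bump pointer: arena bytes consumed */
    unsigned int object_count;  /* live objects carved from the arena */
};

static struct toy_hdr *toy_hdr_of(void *p) { return ((struct toy_hdr *)p) - 1; }

struct toy_pool *toy_pool_create(size_t capacity) {
    struct toy_pool *pool = calloc(1, sizeof(*pool));
    if (!pool) return NULL;
    pool->base = malloc(capacity);
    if (!pool->base) { free(pool); return NULL; }
    pool->capacity = capacity;
    return pool;
}

void toy_pool_destroy(struct toy_pool *pool) {
    free(pool->base);
    free(pool);
}

/* Carve a new object out of the arena: this path bumps object_count. */
void *toy_alloc(struct toy_pool *pool, size_t size) {
    size_t chunk = TOY_ALIGN16(sizeof(struct toy_hdr) + size);
    if (pool->used + chunk > pool->capacity) return NULL;
    struct toy_hdr *h = (struct toy_hdr *)(pool->base + pool->used);
    pool->used += chunk;
    h->size = size;
    h->in_pool = 1;
    pool->object_count += 1;
    return h + 1;
}

/* Release an object: the arena is bump-only, so a pool object only drops
 * the count; an object that was moved out of the pool is really freed. */
void toy_free(struct toy_pool *pool, void *p) {
    struct toy_hdr *h = toy_hdr_of(p);
    if (h->in_pool) pool->object_count -= 1;
    else free(h);
}

/* Three cases, mirroring the rule from the mail:
 *  1. last object in the arena and the new size fits: grow/shrink in
 *     place, object_count is left alone (same object, not a new one);
 *  2. otherwise carve a new arena object and memcpy: toy_alloc already
 *     bumped the count, so the dead old slot must be subtracted here;
 *  3. arena full: move the object to malloc'd memory and subtract, since
 *     the pool no longer owns it. */
void *toy_realloc(struct toy_pool *pool, void *p, size_t size) {
    struct toy_hdr *h = toy_hdr_of(p);
    if (!h->in_pool) {
        struct toy_hdr *nh = realloc(h, sizeof(*h) + size);
        if (!nh) return NULL;
        nh->size = size;
        return nh + 1;
    }
    size_t old_chunk = TOY_ALIGN16(sizeof(*h) + h->size);
    size_t new_chunk = TOY_ALIGN16(sizeof(*h) + size);
    char *chunk_start = (char *)h;
    size_t copy_len = h->size < size ? h->size : size;
    int is_last = chunk_start + old_chunk == pool->base + pool->used;
    if (is_last && chunk_start + new_chunk <= pool->base + pool->capacity) {
        pool->used = (size_t)(chunk_start - pool->base) + new_chunk;
        h->size = size;
        return p;                       /* case 1: count unchanged */
    }
    void *np = toy_alloc(pool, size);   /* case 2: count +1 on success */
    if (np) {
        memcpy(np, p, copy_len);
        pool->object_count -= 1;        /* old slot is dead */
        return np;
    }
    struct toy_hdr *nh = malloc(sizeof(*nh) + size);  /* case 3 */
    if (!nh) return NULL;
    nh->size = size;
    nh->in_pool = 0;
    memcpy(nh + 1, p, copy_len);
    pool->object_count -= 1;            /* moved out of the pool */
    return nh + 1;
}
```

A test that checks object_count after each kind of realloc is what distinguishes a real bookkeeping bug from the "bug in the test code" the mail ends on: the count must stay constant across an in-place grow and across a copy-to-new-object, and drop by one only when the object leaves the pool.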