Fix segfault in extent_try_coalesce_impl
Static analysis flagged this. `extent_record` was passing `NULL` as the value for `coalesced` to `extent_try_coalesce`, which in turn passes that argument to `extent_try_coalesce_impl`, where it is written to without checking if it is `NULL`. I can confirm from reviewing the fleetwide coredump data that this was in fact being hit in production.
parent
70344a2d38
commit
12311fe6c3
@ -822,6 +822,7 @@ static edata_t *
|
|||||||
extent_try_coalesce_impl(tsdn_t *tsdn, pac_t *pac, ehooks_t *ehooks,
|
extent_try_coalesce_impl(tsdn_t *tsdn, pac_t *pac, ehooks_t *ehooks,
|
||||||
ecache_t *ecache, edata_t *edata, bool *coalesced) {
|
ecache_t *ecache, edata_t *edata, bool *coalesced) {
|
||||||
assert(!edata_guarded_get(edata));
|
assert(!edata_guarded_get(edata));
|
||||||
|
assert(coalesced != NULL);
|
||||||
/*
|
/*
|
||||||
* We avoid checking / locking inactive neighbors for large size
|
* We avoid checking / locking inactive neighbors for large size
|
||||||
* classes, since they are eagerly coalesced on deallocation which can
|
* classes, since they are eagerly coalesced on deallocation which can
|
||||||
@ -928,8 +929,9 @@ extent_record(tsdn_t *tsdn, pac_t *pac, ehooks_t *ehooks, ecache_t *ecache,
|
|||||||
goto label_skip_coalesce;
|
goto label_skip_coalesce;
|
||||||
}
|
}
|
||||||
if (!ecache->delay_coalesce) {
|
if (!ecache->delay_coalesce) {
|
||||||
|
bool coalesced_unused;
|
||||||
edata = extent_try_coalesce(tsdn, pac, ehooks, ecache, edata,
|
edata = extent_try_coalesce(tsdn, pac, ehooks, ecache, edata,
|
||||||
NULL);
|
&coalesced_unused);
|
||||||
} else if (edata_size_get(edata) >= SC_LARGE_MINCLASS) {
|
} else if (edata_size_get(edata) >= SC_LARGE_MINCLASS) {
|
||||||
assert(ecache == &pac->ecache_dirty);
|
assert(ecache == &pac->ecache_dirty);
|
||||||
/* Always coalesce large extents eagerly. */
|
/* Always coalesce large extents eagerly. */
|
||||||
|
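Review bot: The added `assert(coalesced != NULL);` at the top of extent_try_coalesce_impl only protects builds where assertions are enabled; if this project's assert is compiled out in production builds (not visible on this page), a caller that passes NULL would still reach the unchecked write behind the reported crash. The extent_record change fixes the one caller shown, so it is worth confirming that every other call path into extent_try_coalesce_impl also passes a valid pointer. I would also state the contract in a comment above the assert, for example `/* coalesced is a required out-parameter; pass a dummy bool if the result is unused. */`, and add a similar short comment next to `bool coalesced_unused;` in extent_record. Both function bodies continue outside the hunks shown.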