From a7a28c334e5526ba716bf6046eab8d60598183eb Mon Sep 17 00:00:00 2001 From: Jason Evans Date: Thu, 31 Jan 2013 16:53:58 -0800 Subject: [PATCH] Fix a chunk recycling bug. Fix a chunk recycling bug that could cause the allocator to lose track of whether a chunk was zeroed. On FreeBSD, NetBSD, and OS X, it could cause corruption if allocating via sbrk(2) (unlikely unless running with the "dss:primary" option specified). This was completely harmless on Linux unless using mlockall(2) (and unlikely even then, unless the --disable-munmap configure option or the "dss:primary" option was specified). This regression was introduced in 3.1.0 by the mlockall(2)/madvise(2) interaction fix. --- ChangeLog | 8 ++++++++ src/chunk.c | 1 + 2 files changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5f2cc455..ee63cb48 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,14 @@ found in the git revision history: * 3.x.x (XXX Not yet released) Bug fixes: + - Fix a chunk recycling bug that could cause the allocator to lose track of + whether a chunk was zeroed. On FreeBSD, NetBSD, and OS X, it could cause + corruption if allocating via sbrk(2) (unlikely unless running with the + "dss:primary" option specified). This was completely harmless on Linux + unless using mlockall(2) (and unlikely even then, unless the + --disable-munmap configure option or the "dss:primary" option was + specified). This regression was introduced in 3.1.0 by the + mlockall(2)/madvise(2) interaction fix. - Fix TLS-related memory corruption that could occur during thread exit if the thread never allocated memory. Only the quarantine and prof facilities were susceptible. diff --git a/src/chunk.c b/src/chunk.c index 46e387e1..8cff240a 100644 --- a/src/chunk.c +++ b/src/chunk.c 
@@ -111,6 +111,7 @@ chunk_recycle(extent_tree_t *chunks_szad, extent_tree_t *chunks_ad, size_t size, } node->addr = (void *)((uintptr_t)(ret) + size); node->size = trailsize; + node->zeroed = zeroed; extent_tree_szad_insert(chunks_szad, node); extent_tree_ad_insert(chunks_ad, node); node = NULL;
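Review bot: in the chunk_recycle() hunk the added `node->zeroed = zeroed;` sits correctly beside the `node->addr` and `node->size` assignments for the trailing extent, but nothing in the hunk says why it was needed, so a short comment above those three lines (e.g. `/* node is being reused for the trailing remainder; refresh every field, including zeroed. */`) would make it harder for the same field to be dropped again when the split logic is touched next. Since the commit message states the symptom only surfaces under "dss:primary" or mlockall(2), a regression test that recycles a chunk leaving a trailing remainder and then checks the zeroed flag of the extent re-inserted into chunks_szad/chunks_ad would be a cheap way to pin this down, as this patch adds no test.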