940a2e02b2
In arena_ralloc_large_grow(), update the map element for the end of the newly grown run, rather than the interior map element that was the beginning of the appended run. This is a long-standing bug, and it had the potential to cause massive corruption, but triggering it required roughly the following sequence of events:

1) Large in-place growing realloc(), with left-over space in the run that followed the large object.
2) Allocation of the remainder run left over from (1).
3) Deallocation of the remainder run *before* deallocation of the large run, with unfortunate interior map state left over from previous run allocation/deallocation activity, such that one or more pages of allocated memory would be treated as part of the remainder run during run coalescing.

In summary, this was a bad bug, but it was difficult to trigger.

In arena_bin_malloc_hard(), if another thread wins the race to allocate a bin run, dispose of the spare run via arena_bin_lower_run() rather than arena_run_dalloc(), since the run has already been prepared for use as a bin run. This bug has existed since March 14, 2010:

| Name |
|---|
| bin |
| doc |
| include/jemalloc |
| src |
| test |
| autogen.sh |
| config.guess |
| config.stamp.in |
| config.sub |
| configure.ac |
| COPYING |
| INSTALL |
| install-sh |
| Makefile.in |
| README |

jemalloc is a general-purpose scalable concurrent malloc(3) implementation. This distribution is a stand-alone "portable" implementation that currently targets only Linux. jemalloc is included as the default allocator in the FreeBSD and NetBSD operating systems, and it is used by the Mozilla Firefox web browser on Microsoft Windows-related platforms. Depending on your needs, one of the other divergent versions may suit your needs better than this distribution.

The COPYING file contains copyright and licensing information.

The INSTALL file contains information on how to configure, build, and install jemalloc.

URL: http://www.canonware.com/jemalloc/