On Wed, 13 Nov 2013, [email protected] wrote:
Hi,
It seems that there is a thread cache memory problem in case memory has run out or
the process hits the memory limit. Basically arena_tcache_fill_small will
start to fill the thread cache from the end, and if memory allocation fails
before all cache entries have been filled, the earlier thread cache entries
will contain old pointers already given to the program. Now when new
allocations are made, the memory is given out twice, causing memory corruption.
Also the new memory allocated and placed after the tbin->ncached index is leaked.
There is a really simple fix for this, i.e. start to fill the tcache from the
beginning. The attached patch fixes this problem that way, i.e. a one-liner fix for
the issue. I'm not totally sure if you want to use that, because this breaks
the low-region-first use that was in the original implementation, but on
the other hand this gives out first the memory that was allocated from existing
arenas, so this approach might be better in that sense.
Best regards,
Valtteri
It seems that my fix is a revert of the
https://github.com/jemalloc/jemalloc/commit/9c43c13a35220c10d97a886616899189daceb359
commit.
Best regards,
Valtteri
--
Valtteri Rahkonen
[email protected]
http://www.rahkonen.fi
+358 40 5077041
_______________________________________________
jemalloc-discuss mailing list
[email protected]
http://www.canonware.com/mailman/listinfo/jemalloc-discuss
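The failure mode described in the message above, as an added illustration that is not jemalloc's own code and not part of the original post: a cut-down model of a tcache bin, of the fill loop and of the pop-from-top allocation path. All names (tbin_t, fake_arena_t, tbin_fill, tbin_alloc, run_scenario) and the 16-region backing pool are hypothetical and constructed for the example. The scenario drains a full fill so that avail[] still holds pointers the program already owns, then lets the arena satisfy only 3 of the next NFILL requests, and counts how many regions are handed out twice and how many are obtained but never reach the program, once with fill-from-the-end and once with fill-from-the-beginning.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a tcache bin and its fill path; not jemalloc code. */
#define NFILL 8                      /* entries requested per fill */
#define REGION_SIZE 16
#define POOL_REGIONS (2 * NFILL)     /* constructed backing store */

typedef struct {
    void *avail[NFILL];   /* cached pointers; avail[ncached-1] is handed out next */
    unsigned ncached;     /* number of entries the cache believes are valid */
} tbin_t;

typedef struct {
    unsigned char pool[POOL_REGIONS][REGION_SIZE];
    unsigned next;        /* next unused region */
    unsigned budget;      /* regions the arena may hand out before failing */
} fake_arena_t;

/* Stand-in for the arena allocator: returns NULL once the budget is spent. */
static void *fake_arena_malloc(fake_arena_t *a) {
    if (a->next >= a->budget)
        return NULL;
    return a->pool[a->next++];
}

/*
 * Model of the fill loop. With fill_from_end the i-th region obtained is
 * stored at avail[NFILL-1-i] (lowest address used first); otherwise at
 * avail[i]. Either way ncached becomes the number of regions obtained, so
 * an early break leaves avail[0..ncached-1] holding whatever was there before
 * in the fill-from-end case.
 */
static unsigned tbin_fill(tbin_t *tb, fake_arena_t *a, bool fill_from_end) {
    unsigned i;
    for (i = 0; i < NFILL; i++) {
        void *ptr = fake_arena_malloc(a);
        if (ptr == NULL)
            break;                    /* out of memory part way through */
        if (fill_from_end)
            tb->avail[NFILL - 1 - i] = ptr;
        else
            tb->avail[i] = ptr;
    }
    tb->ncached = i;
    return i;
}

/* Model of the cached allocation path: pop from the top of the valid range. */
static void *tbin_alloc(tbin_t *tb) {
    if (tb->ncached == 0)
        return NULL;
    tb->ncached--;
    return tb->avail[tb->ncached];
}

typedef struct {
    unsigned duplicates;  /* regions handed to the program twice */
    unsigned leaked;      /* regions the arena gave out that never reached the program */
} fill_result_t;

static bool seen(void **list, unsigned n, const void *p) {
    for (unsigned j = 0; j < n; j++)
        if (list[j] == p)
            return true;
    return false;
}

/* Full fill drained by the program, then a fill that can only get 3 regions. */
static fill_result_t run_scenario(bool fill_from_end) {
    fake_arena_t arena = { .next = 0, .budget = NFILL };
    tbin_t tbin = { .ncached = 0 };
    void *handed_out[POOL_REGIONS];
    unsigned nhanded = 0;
    fill_result_t r = { 0, 0 };
    void *p;

    tbin_fill(&tbin, &arena, fill_from_end);        /* succeeds: NFILL regions */
    while ((p = tbin_alloc(&tbin)) != NULL)
        handed_out[nhanded++] = p;                   /* program now owns all of them */

    arena.budget = NFILL + 3;                        /* only 3 more regions available */
    tbin_fill(&tbin, &arena, fill_from_end);         /* stops early, ncached == 3 */
    while ((p = tbin_alloc(&tbin)) != NULL) {
        if (seen(handed_out, nhanded, p))
            r.duplicates++;                          /* same region handed out twice */
        handed_out[nhanded++] = p;
    }
    for (unsigned k = NFILL; k < arena.next; k++)
        if (!seen(handed_out, nhanded, arena.pool[k]))
            r.leaked++;                              /* obtained but stranded above ncached */
    return r;
}

int main(void) {
    fill_result_t end = run_scenario(true);
    fill_result_t begin = run_scenario(false);
    printf("fill from end:       %u duplicates, %u leaked\n", end.duplicates, end.leaked);
    printf("fill from beginning: %u duplicates, %u leaked\n", begin.duplicates, begin.leaked);
    return 0;
}
```

With fill-from-the-end, the three regions obtained land in avail[7..5] while ncached is set to 3, so the next three cached allocations return avail[2..0], pointers the program already holds, and the three fresh regions are never reachable again. Filling from the beginning puts the obtained regions exactly in avail[0..ncached-1], so a partial fill is consistent; what is given up is the low-address-first ordering the reverted commit was introducing.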