From: "milod2048 at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug malloc/29709] New: malloc: inappropriate allocation retry when exceeding sane request sizes
Date: Thu, 20 Oct 2022 17:06:05 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29709

            Bug ID: 29709
           Summary: malloc: inappropriate allocation retry when exceeding sane request sizes
           Product: glibc
           Version: 2.36
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: malloc
          Assignee: unassigned at sourceware dot org
          Reporter: milod2048 at gmail dot com
  Target Milestone: ---

version: master 10/17/2022 02:00 PM (MESZ)
h/b/t: x86_64-pc-linux-gnu
configure options: --prefix=$(pwd)/install/ --disable-experimental-malloc
kernel: Linux cbox 5.19.14-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 5 21:31:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
gcc version: gcc version 12.2.1 20220819 (Red Hat 12.2.1-2) (GCC)
ld version: GNU ld version 2.37-36.fc36

A rather minor issue, but consider the following scenario:

A multithreaded process is linked against a build of glibc without tcache support (--disable-experimental-malloc) and makes a request for an invalid amount of memory (i.e. greater than PTRDIFF_MAX) to __libc_malloc. This would result in a failure within _int_malloc due to the sanity checks implemented in checked_request2size (req > PTRDIFF_MAX) and _int_malloc would return NULL. This in turn leads to a second allocation attempt within __libc_malloc, but this time with a different arena, which does not make much sense.

A retry with a different arena won't result in a successful allocation since the previous failure was not caused by the arena but by the invalid argument to __libc_malloc. And an invalid request will never be serviced by malloc, therefore we can skip the call to arena_get_retry plus the second allocation attempt.

This behavior can also be found in the __libc_memalign function.

Proposal:
Differentiate between allocation failure due to actual memory shortage and allocation failure due to an invalid memory request. A second attempt should only be made if the request size is reasonable. This would prevent malloc from unnecessarily switching/creating arenas.

I have already prepared a patch which should fix this minor issue.
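
The control flow described in the report, as an added example (not the reporter's patch and not glibc source): a small model comparing "retry on any failure" with "retry only when the size is reasonable". The *_model functions, the two-arena setup and the capacities 64 and 4096 are assumptions made for illustration.

```c
/* Simplified model of the reported retry path, NOT glibc source; *_model names and capacities are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
static int arena_switches;        /* counts simulated arena_get_retry calls */
static size_t arena_free[2];      /* constructed per-arena free bytes */
/* Stand-in for _int_malloc: returns the serving arena index, or -1 on failure. */
static int int_malloc_model(int arena, size_t req)
{
    if (req > (size_t)PTRDIFF_MAX) return -1;   /* invalid size: fails in every arena */
    if (req > arena_free[arena]) return -1;     /* genuine shortage in this arena */
    arena_free[arena] -= req;
    return arena;
}

/* Reported behaviour: any failure leads to a second attempt on another arena. */
static int malloc_current_model(size_t req)
{
    int got = int_malloc_model(0, req);
    if (got < 0) { arena_switches++; got = int_malloc_model(1, req); }
    return got;
}

/* Proposed behaviour: retry only when the request size is reasonable. */
static int malloc_proposed_model(size_t req)
{
    int got = int_malloc_model(0, req);
    if (got < 0 && req <= (size_t)PTRDIFF_MAX) { arena_switches++; got = int_malloc_model(1, req); }
    return got;
}

/* Runs one request on a fresh model; returns the number of arena switches made. */
static int switches_for(int (*fn)(size_t), size_t req, int *served)
{
    arena_switches = 0; arena_free[0] = 64; arena_free[1] = 4096;
    *served = fn(req);
    return arena_switches;
}

int main(void)
{
    size_t reqs[] = { 32, 128, (size_t)PTRDIFF_MAX + 1 };
    for (int i = 0; i < 3; i++) {
        int a, b, sc = switches_for(malloc_current_model, reqs[i], &a);
        int sp = switches_for(malloc_proposed_model, reqs[i], &b);
        printf("req=%zu current: arena=%d switches=%d | proposed: arena=%d switches=%d\n", reqs[i], a, sc, b, sp);
    }
    return 0;
}
```

The 128-byte request still gets its retry under both variants because arena 0 is genuinely short; only the oversized request loses the pointless arena switch.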