Fix a bug with a crash when slab alloc arena is full.

When the slab alloc arena is fully used, and we try to truncate a space, we could crash, since a) we never check return value of salloc() b) we used to salloc() an iterator for truncate(), and it would return NULL, and we would try to access it without a check. The fix is: - to throw exceptions directly from salloc() - to not use salloc() for iterators, since we still should be able to truncate a namespace when the slab alloc arena is full.

Fix a bug with a crash when slab alloc arena is full.
879b7026 · Konstantin Osipov · 59d244fc · 879b7026 · 879b7026 · 879b7026
Commit 879b7026 authored 12 years ago by Konstantin Osipov
--- a/include/salloc.h
+++ b/include/salloc.h
@@ -34,7 +34,7 @@ struct tbuf;
 bool salloc_init(size_t size, size_t minimal, double factor);
 void salloc_destroy(void);
-void *salloc(size_t size);
+void *salloc(size_t size, const char *what);
 void sfree(void *ptr);
 void slab_validate();
 void slab_stat(struct tbuf *buf);

--- a/mod/box/index.m
+++ b/mod/box/index.m
@@ -224,7 +224,7 @@ void
 hash_iterator_free(struct iterator *iterator)
 {
 	assert(iterator->next == hash_iterator_next);
-	sfree(iterator);
+	free(iterator);
 }
@@ -285,7 +285,7 @@ hash_iterator_free(struct iterator *iterator)
 - (struct iterator *) allocIterator
 {
-	struct hash_iterator *it = salloc(sizeof(struct hash_iterator));
+	struct hash_iterator *it = malloc(sizeof(struct hash_iterator));
 	if (it) {
 		memset(it, 0, sizeof(struct hash_iterator));
 		it->base.next = hash_iterator_next;

--- a/mod/box/tree.m
+++ b/mod/box/tree.m
@@ -26,7 +26,6 @@
 #include "tree.h"
 #include "box.h"
 #include "tuple.h"
-#include <salloc.h>
 #include <pickle.h>
 /* {{{ Utilities. *************************************************/
@@ -801,7 +800,7 @@ tree_iterator_free(struct iterator *iterator)
 	if (it->iter)
 		sptree_index_iterator_free(it->iter);
-	sfree(it);
+	free(it);
 }
 /* }}} */
@@ -926,7 +925,7 @@ tree_iterator_free(struct iterator *iterator)
 - (struct iterator *) allocIterator
 {
 	struct tree_iterator *it
-		= salloc(sizeof(struct tree_iterator) + SIZEOF_SPARSE_PARTS(key_def));
+		= malloc(sizeof(struct tree_iterator) + SIZEOF_SPARSE_PARTS(key_def));
 	if (it) {
 		memset(it, 0, sizeof(struct tree_iterator));

--- a/mod/box/tuple.m
+++ b/mod/box/tuple.m
@@ -39,10 +39,7 @@ struct box_tuple *
 tuple_alloc(size_t size)
 {
 	size_t total = sizeof(struct box_tuple) + size;
-	struct box_tuple *tuple = salloc(total);
+	struct box_tuple *tuple = salloc(total, "tuple");
-	if (tuple == NULL)
-		tnt_raise(LoggedError, :ER_MEMORY_ISSUE, total, "slab allocator", "tuple");
 	tuple->flags = tuple->refs = 0;
 	tuple->bsize = size;

--- a/src/salloc.m
+++ b/src/salloc.m
@@ -38,6 +38,7 @@
 #include <util.h>
 #include <tbuf.h>
 #include <say.h>
+#include "exception.h"
 #define SLAB_ALIGN_PTR(ptr) (void *)((uintptr_t)(ptr) & ~(SLAB_SIZE - 1))
@@ -258,17 +259,18 @@ valid_item(struct slab *slab, void *item)
 #endif
 void *
-salloc(size_t size)
+salloc(size_t size, const char *what)
 {
 	struct slab_class *class;
 	struct slab *slab;
 	struct slab_item *item;
-	if ((class = class_for(size)) == NULL)
+	if ((class = class_for(size)) == NULL ||
-		return NULL;
+	    (slab = slab_of(class)) == NULL) {
-	if ((slab = slab_of(class)) == NULL)
+		tnt_raise(LoggedError, :ER_MEMORY_ISSUE, size,
-		return NULL;
+			  "slab allocator", what);
+	}
 	if (slab->free == NULL) {
 		assert(valid_item(slab, slab->brk));