[PATCH 3/3] Improve zone support for OSX

Mike Hommey mh+jemalloc at glandium.org
Thu Apr 5 02:45:25 PDT 2012


On Tue, Mar 20, 2012 at 01:18:13PM -0400, Justin Lebar wrote:
> On Tue, Mar 20, 2012 at 1:10 PM, Mike Hommey <mh+jemalloc at glandium.org> wrote:
> > On Tue, Mar 20, 2012 at 01:04:54PM -0400, Justin Lebar wrote:
> >> btw, I'm skeptical of the value of supporting OSX 10.5, because 10.5
> >> occasionally passes invalid pointers to ozone_size [1].
> >>
> >> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=694335
> >
> > For one, not all jemalloc users are going to have the problem, which is
> > limited to some APIs.
> 
> True, but we of course don't know the full set of circumstances under
> which OSX will pass an invalid pointer.
> 
> > Also, AIUI, the current jemalloc code does the right thing for the
> > ozone_size, which is not the case in the old jemalloc fork we use in
> > Firefox, so depending on what is done with the result of ozone_size,
> > it might be okay.
> 
> What's the difference in behavior?
> 
> > BTW, I guess you wanted to point to
> > https://bugzilla.mozilla.org/show_bug.cgi?id=702250#c30
> 
> Yes, thanks.  And my analysis there is that 10.5 tries to free the
> internal pointer.  I'd be impressed if jemalloc handled this
> correctly!  (And even more impressed if it worked in general, for
> non-huge allocations too.  :)

>From my trivial testing, it actually works for allocations > (1 << 15).

That is:
char *ptr = malloc((1 << 15) + 1); free(ptr + 32);
does free the pointer, while
char *ptr = malloc(1 << 15); free(ptr + 32);
doesn't.

Neither crash (which is better than the crash we get with our fork :) )

Jason, how actually safe is jemalloc now, when trying to free a pointer
inside an allocation it gave out?

Mike



More information about the jemalloc-discuss mailing list