huge realloc problem with multiple threads

Rich Prohaska prohaska at tokutek.com
Mon Nov 7 10:20:29 PST 2011


There is a race in the jemalloc implementation of huge reallocs. The code
mremaps without holding a lock, and then removes the old address from the
extent tree. The mremap makes the old address available for mmap, thus
allowing another thread to get its hands on the old address before the
first thread is done with it.

The attached test program will hit an assert in the red-black tree after a
while when jemalloc is configured with debug enabled.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: realloctest.c
Type: text/x-csrc
Size: 636 bytes
Desc: not available
URL: <http://jemalloc.net/mailman/jemalloc-discuss/attachments/20111107/7f2c392c/attachment.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 266 bytes
Desc: not available
URL: <http://jemalloc.net/mailman/jemalloc-discuss/attachments/20111107/7f2c392c/attachment.obj>
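
The interleaving described in the message, replayed deterministically in a toy model. This is an added example, not the scrubbed realloctest.c and not jemalloc code. The slot array, the `toy_*` and `tree_*` helpers and the remove-before-remap ordering shown as the safe variant are all assumptions made for illustration.

```c
#include <stdbool.h>

/* Constructed model: each slot stands for one virtual address range. */
#define NSLOTS 8
static bool mapped[NSLOTS];   /* kernel view: range is currently mapped */
static bool in_tree[NSLOTS];  /* allocator view: address is in the extent tree */

static void reset(void)
{
    for (int i = 0; i < NSLOTS; i++)
        mapped[i] = in_tree[i] = false;
}

/* mmap stand-in: the kernel hands out the lowest unmapped range. */
static int toy_mmap(void)
{
    for (int i = 0; i < NSLOTS; i++)
        if (!mapped[i]) { mapped[i] = true; return i; }
    return -1;
}

/* mremap stand-in that always moves: the old range is free on return. */
static int toy_mremap(int old_addr)
{
    int moved = toy_mmap();
    mapped[old_addr] = false;
    return moved;
}

/* Insert fails on a duplicate key, the condition a debug build asserts on. */
static bool tree_insert(int addr)
{
    if (addr < 0 || in_tree[addr]) return false;
    in_tree[addr] = true;
    return true;
}

static void tree_remove(int addr) { in_tree[addr] = false; }

/* Thread A reallocs a huge block; thread B does a huge malloc in the window
 * right after A's remap. Returns true if every tree insert succeeded. */
bool realloc_window_is_consistent(bool remove_first)
{
    reset();
    int old_addr = toy_mmap();
    tree_insert(old_addr);
    if (remove_first) tree_remove(old_addr);   /* untrack before remapping */
    int moved = toy_mremap(old_addr);          /* old address reusable now */
    bool b_ok = tree_insert(toy_mmap());       /* B is handed the old address */
    if (!remove_first) tree_remove(old_addr);  /* reported order: drops B's entry */
    return tree_insert(moved) && b_ok;
}
```

With `remove_first` false, thread B's insert collides with the stale entry and the late removal then deletes B's live entry; with it true, the same window is harmless.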

