From 327481a4b0acf485d0cbdd8635dd9b886ba3f2a7 Mon Sep 17 00:00:00 2001 From: Minh Quan Ho <1337056+hominhquan@users.noreply.github.com> Date: Tue, 12 Oct 2021 19:53:04 +0200 Subject: [PATCH] Fix insufficient pool-growing logic in bli_pool.c. (#559) Details: - The current mechanism for growing a pool_t doubles the length of the block_ptrs array every time the array length needs to be increased due to new blocks being added. However, that logic did not take in account the new total number of blocks, and the fact that the caller may be requesting more blocks that would fit even after doubling the current length of block_ptrs. The code comments now contain two illustrating examples that show why, even after doubling, we must always have at least enough room to fit all of the old blocks plus the newly requested blocks. - This commit also happens to fix a memory corruption issue that stems from growing any pool_t that is initialized with a block_ptrs length of 0. (Previously, the memory pool for packed buffers of C was initialized with a block_ptrs length of 0, but because it is unused this bug did not manifest by default.) - Co-authored-by: Minh Quan Ho --- frame/base/bli_pool.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/frame/base/bli_pool.c b/frame/base/bli_pool.c index 08876c68a..e2c12ebd9 100644 --- a/frame/base/bli_pool.c +++ b/frame/base/bli_pool.c @@ -373,7 +373,15 @@ void bli_pool_grow { // To prevent this from happening often, we double the current // length of the block_ptrs array. - const siz_t block_ptrs_len_new = 2 * block_ptrs_len_cur; + // Sanity: make sure that the block_ptrs_len_new will be at least + // num_blocks_new, in case doubling the block_ptrs_len_cur is not enough. + // Example 1: + // - block_ptrs_len_cur == num_blocks_cur == 0 and num_blocks_add = 1 + // - So doubling: 2 * block_ptrs_len_cur = 0, whereas 1 is expected + // Example 2: + // - block_ptrs_len_cur == num_blocks_cur == 10 and num_blocks_add = 30 + // - So doubling: 2 * block_ptrs_len_cur = 20, whereas 40 is expected + const siz_t block_ptrs_len_new = bli_max( (2 * block_ptrs_len_cur), num_blocks_new ); #ifdef BLIS_ENABLE_MEM_TRACING printf( "bli_pool_grow(): growing block_ptrs_len (%d -> %d): ",