Page MenuHomePhabricator

eina_mempool_from invalid memory read.
Closed, ResolvedPublic



It looks like eina_mempool_from() is accessing invalid memory regions in some cases. It looks like that this problem happens when lots of eina_mempool_from() + eina_mempool_free() calls are happening. I've created a sample test program which valgrind will complain about the invalid memory access.

This problems happens using chained mempools and big_one.

here's the valgrind output

==2436== Invalid read of size 8
==2436==    at 0x4EB3045: eina_chained_mempool_from (eina_chained_mempool.c:423)
==2436==    by 0x108A8A: eina_mempool_from (in /home/iscaro/mp)
==2436==    by 0x108BBA: main (in /home/iscaro/mp)
==2436==  Address 0x700d0a0 is 80 bytes inside a recently re-allocated block of size 12,240 alloc'd
==2436==    at 0x4C2BE7F: malloc (in /usr/lib/valgrind/
==2436==    by 0x4EB287E: _eina_chained_mp_pool_new (eina_chained_mempool.c:134)
==2436==    by 0x4EB2DAB: eina_chained_mempool_malloc (eina_chained_mempool.c:312)
==2436==    by 0x1089F1: eina_mempool_calloc (in /home/iscaro/mp)
==2436==    by 0x108B1B: main (in /home/iscaro/mp)


iscaro created this task.Aug 31 2017, 9:36 AM

Hum,I will look into it next week.

blocking the merge of new eina future branch (D5131), since @iscaro already converted Efl.Io.Copier and Efl.Net to use it and that's when we noticed the problem :-/

barbieri triaged this task as High priority.Sep 1 2017, 4:29 AM
iscaro added a comment.Sep 4 2017, 8:00 AM

Hello, @cedric

Thanks for the fix (commit c9a0237770a7fb0f1d94c9f99b7cab68399a922f), however it looks like you forgot to fix the problem for the one_big backend.

When possible, could you please, fix the one_big backend as well?


sharkcz added a subscriber: sharkcz.Sep 4 2017, 1:59 PM

Hi, the commit doesn't seem to be correct, the "for" cycle uses the "last" variable, but it's available only when efl is built with valgrind (guarded by #ifndef NVALGRIND).

as reported by T5981

cedric added a comment.Sep 4 2017, 4:40 PM

@sharkcz good point will fix that and one big.

cedric closed this task as Resolved.Sep 5 2017, 4:57 PM