Bug 478576 - infinite loop in jemalloc:chunk_recycle_reserve; r=pavlov
authorJason Evans <jasone@canonware.com>
Sat, 21 Feb 2009 03:09:22 +0100
changeset 25341 4e454c6a79cebe51e8edc0f630a15faa14b5b367
parent 25340 d55509df48fa3638cf93bda168613c7111a80b05
child 25342 fef91437b4f039d01d641c09bfb1986a1dd92a73
push id5503
push usersgautherie.bz@free.fr
push dateSat, 21 Feb 2009 02:09:58 +0000
reviewerspavlov
bugs478576
milestone1.9.2a1pre
Bug 478576 - infinite loop in jemalloc:chunk_recycle_reserve; r=pavlov Avoid an infinite loop if the malloc reserve is depleted and there are no registered event notification handlers.
memory/jemalloc/jemalloc.c
--- a/memory/jemalloc/jemalloc.c
+++ b/memory/jemalloc/jemalloc.c
@@ -2565,33 +2565,37 @@ chunk_recycle_reserve(size_t size, bool 
 			chunk = chunk_alloc_mmap(diff, true);
 			malloc_mutex_lock(&reserve_mtx);
 			if (chunk == NULL) {
 				uint64_t seq = 0;
 
 				do {
 					seq = reserve_notify(RESERVE_CND_LOW,
 					    size, seq);
-				} while (reserve_cur < reserve_min && seq != 0);
+					if (seq == 0)
+						goto MALLOC_OUT;
+				} while (reserve_cur < reserve_min);
 			} else {
 				extent_node_t *node;
 
 				node = chunk_dealloc_reserve(chunk, diff);
 				if (node == NULL) {
 					uint64_t seq = 0;
 
 					pages_unmap(chunk, diff);
 					do {
 						seq = reserve_notify(
 						    RESERVE_CND_LOW, size, seq);
-					} while (reserve_cur < reserve_min &&
-					    seq != 0);
+						if (seq == 0)
+							goto MALLOC_OUT;
+					} while (reserve_cur < reserve_min);
 				}
 			}
 		}
+MALLOC_OUT:
 		malloc_mutex_unlock(&reserve_mtx);
 
 #ifdef MALLOC_DECOMMIT
 		pages_commit(ret, size);
 #  undef diff
 #else
 		if (zero)
 			memset(ret, 0, size);
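Review bot: The two `goto MALLOC_OUT;` exits (one after each `reserve_notify()` call) carry no comment saying why a jump is needed instead of simply ending the `do`/`while`, and the reason is not visible in the hunk. Presumably the enclosing block is itself a loop on `reserve_cur < reserve_min` in the MALLOC_DECOMMIT build (the `#  undef diff` below hints at that), so leaving only the inner loop would retry the mmap indefinitely; a comment at the first site such as `/* reserve_notify() returned 0: nothing left to notify, stop replenishing. */` would record this. Both jumps are taken with `reserve_mtx` held and land directly before `malloc_mutex_unlock()`, so the lock stays balanced, but the label should say so, e.g. `/* reserve_mtx must be held on every path to this label. */`, because an exit added later in the unlocked window around `chunk_alloc_mmap()` would unlock a mutex it does not own. On this path the function continues with the reserve still below `reserve_min`, which deserves a mention in the function's header comment; the body of chunk_recycle_reserve starts and ends outside the hunk.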