Bug 478576 - infinite loop in jemalloc:chunk_recycle_reserve; r=pavlov
authorJason Evans <jasone@canonware.com>
Sun, 22 Feb 2009 19:12:27 +0100
changeset 23364 0fcd0d3d84e3876b54d440c12c5b4f481377ef56
parent 23363 b6798ad69695b14098fb105faa6ae308ac9c87af
child 23365 63140b6658d249df6839d45c8e02ffd8aa084261
push id740
push usersgautherie.bz@free.fr
push dateSun, 22 Feb 2009 18:31:39 +0000
reviewerspavlov
bugs478576
milestone1.9.1b3pre
Bug 478576 - infinite loop in jemalloc:chunk_recycle_reserve; r=pavlov Avoid an infinite loop if the malloc reserve is depleted and there are no registered event notification handlers.
memory/jemalloc/jemalloc.c
--- a/memory/jemalloc/jemalloc.c
+++ b/memory/jemalloc/jemalloc.c
@@ -2527,33 +2527,37 @@ chunk_recycle_reserve(size_t size, bool 
 			chunk = chunk_alloc_mmap(diff, true);
 			malloc_mutex_lock(&reserve_mtx);
 			if (chunk == NULL) {
 				uint64_t seq = 0;
 
 				do {
 					seq = reserve_notify(RESERVE_CND_LOW,
 					    size, seq);
-				} while (reserve_cur < reserve_min && seq != 0);
+					if (seq == 0)
+						goto MALLOC_OUT;
+				} while (reserve_cur < reserve_min);
 			} else {
 				extent_node_t *node;
 
 				node = chunk_dealloc_reserve(chunk, diff);
 				if (node == NULL) {
 					uint64_t seq = 0;
 
 					pages_unmap(chunk, diff);
 					do {
 						seq = reserve_notify(
 						    RESERVE_CND_LOW, size, seq);
-					} while (reserve_cur < reserve_min &&
-					    seq != 0);
+						if (seq == 0)
+							goto MALLOC_OUT;
+					} while (reserve_cur < reserve_min);
 				}
 			}
 		}
+MALLOC_OUT:
 		malloc_mutex_unlock(&reserve_mtx);
 
 #ifdef MALLOC_DECOMMIT
 		pages_commit(ret, size);
 #  undef diff
 #else
 		if (zero)
 			memset(ret, 0, size);
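Review bot: The two new `if (seq == 0) goto MALLOC_OUT;` exits have no comment explaining what a zero return from reserve_notify() means, or that taking them appears to leave reserve_cur below reserve_min when the function returns. Going by the commit message, zero is the case where no notification handler is registered, so I would add above each check something like `/* No handler was notified: stop replenishing; the reserve stays below reserve_min. */`. That tells later readers the reserve minimum is not guaranteed once this path has run. Both jumps land on `MALLOC_OUT:` just before `malloc_mutex_unlock(&reserve_mtx)`, so the lock is released on the early exit. The notify loop is now duplicated verbatim in the `chunk == NULL` and `node == NULL` branches, and a small static helper would keep the two exits in sync. chunk_recycle_reserve and the loop that the label follows both start outside this hunk, so the placement of the label relative to that loop should be checked against the full function.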