Bug 741106 - (Mark) Problem with low memory and realloc
Status: RESOLVED OBSOLETE
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2014-12-04 11:36 UTC by Mark Rance
Modified: 2021-07-05 13:24 UTC
GNOME target: ---
GNOME version: ---


Attachments
This is as close as possible to the current memory code to show the error (7.76 KB, application/octet-stream)
2014-12-23 10:32 UTC, Mark Rance

Description Mark Rance 2014-12-04 11:36:07 UTC
With version 2.9.2 of libxml2 and xmlReallocLoc in file xmlmemory.c, if the realloc fails (line 347) the original block of memory is now freed. This causes freed memory to be accessed later on when closing streams.

I think this is made worse by the encoding functions. For example, xmlCharEncFirstLineInput checks xmlBufAvail and subtracts 1 from it, then thinks that 4 GB of memory is available (e.g. line 2069 of encoding.c, which then drops it to 360 bytes of available memory).

In version 2.9.1 it just leaked and caused a double free error when checking the mh_tag structure member as various stream close operations are performed.

One thing I do to help show these errors is add a debugging variable, so when debugging I can artificially return failure on realloc or malloc when hitting a certain memory limit. I hope that makes sense.
Comment 1 Mark Rance 2014-12-23 10:32:03 UTC
Created attachment 293242
This is as close as possible to the current memory code to show the error

I have found quite a few places where low memory causes unexpected problems. The problem I was getting was with the realloc function. I've attached the source files, and a VS2010 project is here: http://www.avcosystems.com/temp/Libxml2Test.zip to show the problem and the cure I am using.
There are lots of places in the current library where there is this line of code:
  written = xmlBufAvail(out) - 1;
This returns 0 when there is no memory, which then has one subtracted, making it 0xFFFFFFFF (sometimes this is dropped to 256 * 1024), but this is obviously still wrong when out of memory, although it may be sorted out later.
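
The two defensive patterns this report points at, as an added example that is not libxml2 code and not the reporter's attachment: a grow routine that leaves the original block owned and valid when realloc fails, and a guarded form of the "available minus one" computation. All demo_* names and the allocation limit used to simulate low memory are assumptions made for the illustration, and the example uses size_t, so the wrapped value is SIZE_MAX rather than the 32-bit 0xFFFFFFFF quoted above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; this is not libxml2 code. */
typedef struct { unsigned char *data; size_t use, size; } demo_buf;

/* Fault injection: growth that would exceed demo_limit fails like a real OOM. */
static size_t demo_limit = SIZE_MAX, demo_used = 0;

static void *demo_realloc(void *p, size_t old_size, size_t new_size) {
    if (new_size > old_size &&
        (demo_used >= demo_limit || new_size - old_size > demo_limit - demo_used))
        return NULL;                     /* simulated failure; p is untouched */
    void *q = realloc(p, new_size);
    if (q != NULL) demo_used = demo_used - old_size + new_size;
    return q;
}

/* Grow by `extra` bytes. On failure return -1 and leave b exactly as it was:
 * the old block is neither freed nor leaked, so later cleanup stays valid. */
int demo_buf_grow(demo_buf *b, size_t extra) {
    if (extra > SIZE_MAX - b->size) return -1;   /* size computation would wrap */
    if (extra == 0) return 0;
    unsigned char *tmp = demo_realloc(b->data, b->size, b->size + extra);
    if (tmp == NULL) return -1;
    b->data = tmp;
    b->size += extra;
    return 0;
}

/* Unguarded form from the report: wraps to SIZE_MAX when the buffer is full. */
size_t demo_writable_unguarded(const demo_buf *b) { return (b->size - b->use) - 1; }

/* Guarded form: a full buffer has zero writable bytes. */
size_t demo_writable(const demo_buf *b) {
    size_t avail = b->size - b->use;
    return avail > 0 ? avail - 1 : 0;
}

/* The single owner frees once and resets the fields, so a second call is harmless. */
void demo_buf_free(demo_buf *b) {
    if (b->data != NULL) demo_used -= b->size;
    free(b->data);
    b->data = NULL;
    b->use = b->size = 0;
}
```

Setting demo_limit to a small value before a run plays the role of the debugging variable described in the report, letting the failure path be exercised deterministically.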
Comment 2 GNOME Infrastructure Team 2021-07-05 13:24:58 UTC
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libxml2/-/issues/

Thank you for your understanding and your help.