Richard W.M. Jones
2019-Sep-13 17:52 UTC
[Libguestfs] [PATCH nbdkit] common/bitmap: Don't fail on realloc (ptr, 0)
The following commands: nbdkit -fv --filter=cow memory size=512 --run 'qemu-img info $nbd' nbdkit -fv --filter=cache memory size=512 --run 'qemu-img info $nbd' both fail with: nbdkit: memory[1]: error: realloc: Success Initial git bisect pointed to commit 3166d2bcbfd2 (but I don't believe that commit is the real cause, it merely exposes the bug). The reason this happens is because the new behaviour after commit 3166d2bcbfd2 is to round down the size of the underlying disk to the cow/cache filter block size (4096 bytes). => The size of the disk is rounded down to 0. => The cow/cache filter requests a bitmap of size 0. => We call realloc (ptr, 0). => realloc returns NULL + errno == 0 in this case since it is not an error. The current commit changes the realloc call so that it does not fail in this case. There are many other places in nbdkit where we call realloc, and I did not vet any of them to see if similar bugs could be present, but it is quite likely. Note that the correct use of the cow/cache filter in this case is to combine it with the truncate filter, eg: nbdkit -fv --filter=cow --filter=truncate memory size=512 round-up=4096 --- common/bitmap/bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/bitmap/bitmap.c b/common/bitmap/bitmap.c index caac916..6bf04dc 100644 --- a/common/bitmap/bitmap.c +++ b/common/bitmap/bitmap.c @@ -60,7 +60,7 @@ bitmap_resize (struct bitmap *bm, uint64_t new_size) new_bm_size = (size_t) new_bm_size_u64; new_bitmap = realloc (bm->bitmap, new_bm_size); - if (new_bitmap == NULL) { + if (new_bm_size && new_bitmap == NULL) { nbdkit_error ("realloc: %m"); return -1; } -- 2.23.0
Eric Blake
2019-Sep-15 01:52 UTC
Re: [Libguestfs] [PATCH nbdkit] common/bitmap: Don't fail on realloc (ptr, 0)
On 9/13/19 12:52 PM, Richard W.M. Jones wrote:> The following commands: > > nbdkit -fv --filter=cow memory size=512 --run 'qemu-img info $nbd' > nbdkit -fv --filter=cache memory size=512 --run 'qemu-img info $nbd' > > both fail with: > > nbdkit: memory[1]: error: realloc: Success > > Initial git bisect pointed to commit 3166d2bcbfd2 (but I don't believe > that commit is the real cause, it merely exposes the bug). > > The reason this happens is because the new behaviour after > commit 3166d2bcbfd2 is to round down the size of the underlying disk > to the cow/cache filter block size (4096 bytes). > > => The size of the disk is rounded down to 0. > > => The cow/cache filter requests a bitmap of size 0. > > => We call realloc (ptr, 0). > > => realloc returns NULL + errno == 0 in this case since it is not an > error.C11 says that whether realloc() returns NULL in this case is unspecified; glibc happens to free the old pointer (if one was set) and return NULL without setting errno (making it a successful alias for free(ptr)), but other platforms treat it identically to their malloc(0) (whether that mean returning a non-NULL pointer on BSD, or returning NULL and setting errno because no 0-sized allocations are permitted - I think HP-UX was such a platform). In general, it's better to avoid 0-sized realloc in the first place because of these differences in behavior, especially when ptr is non-NULL (as you could end up leaking memory: glibc(ptr,0) frees ptr, but a platform that forbids malloc(0) leaves ptr allocated).> > The current commit changes the realloc call so that it does not fail > in this case. There are many other places in nbdkit where we call > realloc, and I did not vet any of them to see if similar bugs could be > present, but it is quite likely. > > Note that the correct use of the cow/cache filter in this case is to > combine it with the truncate filter, eg: > > nbdkit -fv --filter=cow --filter=truncate memory size=512 round-up=4096 > --- > common/bitmap/bitmap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/common/bitmap/bitmap.c b/common/bitmap/bitmap.c > index caac916..6bf04dc 100644 > --- a/common/bitmap/bitmap.c > +++ b/common/bitmap/bitmap.c > @@ -60,7 +60,7 @@ bitmap_resize (struct bitmap *bm, uint64_t new_size) > new_bm_size = (size_t) new_bm_size_u64; > > new_bitmap = realloc (bm->bitmap, new_bm_size); > - if (new_bitmap == NULL) { > + if (new_bm_size && new_bitmap == NULL) { > nbdkit_error ("realloc: %m"); > return -1; > }This avoids the failure, but is probably not as safe as avoiding the 0-length allocation in the first place. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
Seemingly Similar Threads
- [PATCH nbdkit v2] common/bitmap: Don't fail on realloc (ptr, 0)
- [PATCH nbdkit v2] common/bitmap: Don't fail on realloc (ptr, 0)
- [PATCH nbdkit] common: Move shared bitmap code to a common library.
- [PATCH nbdkit v2] common: Move shared bitmap code to a common library.
- [PATCH nbdkit v3] common: Move shared bitmap code to a common library.