[ZBX-16045] mem_bucket_by_size() has a big bug Created: 2019 Apr 26  Updated: 2024 Apr 10  Resolved: 2019 Jun 19

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Proxy (P), Server (S)
Affects Version/s: 3.0.27, 4.0.7, 4.2.1
Fix Version/s: None

Type: Problem report Priority: Blocker
Reporter: MATSUDA Daiki Assignee: Zabbix Development Team
Resolution: Won't fix Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Team: Team C

Description

src/libs/zbxmemory/memalloc.c : the mem_bucket_by_size() code is the following

static int mem_bucket_by_size(zbx_uint64_t size)
{
	/* sizes below the smallest bucket go to bucket 0 */
	if (size < MEM_MIN_BUCKET_SIZE)
		return 0;
	/* sizes inside the bucketed range map to an 8-byte-step index */
	if (size < MEM_MAX_BUCKET_SIZE)
		return (size - MEM_MIN_BUCKET_SIZE) >> 3;
	/* everything larger lands in the last bucket */
	return MEM_BUCKET_COUNT - 1;
}

It must be the following; in particular, a size over MEM_MAX_BUCKET_SIZE is a critical bug.

static int mem_bucket_by_size(zbx_uint64_t size)
{
	if (MEM_MIN_BUCKET_SIZE > size)
		return 0;
	if (MEM_MAX_BUCKET_SIZE < size)
		return (size - MEM_MIN_BUCKET_SIZE) >> 3;
	return MEM_BUCKET_COUNT - 1;
}

Comments
Comment by MATSUDA Daiki [ 2019 Apr 26 ]

In addition, there are many expressions in src/libs/zbxmemory/memalloc.c that do not follow the rule.

In if(), the rule must be like the following:
if ('const value' == variable)

Comment by MATSUDA Daiki [ 2019 Apr 26 ]

Sorry, this is my mistake.

But the if() expressions should be corrected.

Comment by Aleksejs Sestakovs [ 2019 Jun 18 ]

Hi Daiki,

Could you please explain why you think that there is a critical bug? If size exceeds MEM_MAX_BUCKET_SIZE then (MEM_BUCKET_COUNT - 1) will be returned as expected. Possible function outcomes:

  • size is less than MEM_MIN_BUCKET_SIZE : return 0;
  • size is between MEM_MIN_BUCKET_SIZE and MEM_MAX_BUCKET_SIZE : return (size - MEM_MIN_BUCKET_SIZE) >> 3;
  • size exceeds MEM_MAX_BUCKET_SIZE : return MEM_BUCKET_COUNT - 1;

Can you provide a scenario where the current mem_bucket_by_size() implementation leads to an error or other problem?
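The three outcomes listed above, checked side by side with the rewrite from the ticket description, as an added example that is not part of the ticket or of the Zabbix sources. The bucket constants (24, 256 and the derived count) are assumed for illustration and may differ from the real memalloc.c; the point is that the original version always yields an index inside the bucket array, while the proposed version sends large sizes past its end.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t zbx_uint64_t;

/* Assumed constants for illustration; not copied from Zabbix. */
#define MEM_MIN_BUCKET_SIZE 24
#define MEM_MAX_BUCKET_SIZE 256
#define MEM_BUCKET_COUNT    ((MEM_MAX_BUCKET_SIZE - MEM_MIN_BUCKET_SIZE) / 8 + 1)

/* The logic as it is in the ticket's first listing: three ranges, three outcomes. */
static int bucket_current(zbx_uint64_t size)
{
	if (size < MEM_MIN_BUCKET_SIZE)
		return 0;
	if (size < MEM_MAX_BUCKET_SIZE)
		return (int)((size - MEM_MIN_BUCKET_SIZE) >> 3);
	return MEM_BUCKET_COUNT - 1;
}

/* The rewrite proposed in the description, reproduced only for comparison. */
static int bucket_proposed(zbx_uint64_t size)
{
	if (MEM_MIN_BUCKET_SIZE > size)
		return 0;
	if (MEM_MAX_BUCKET_SIZE < size)
		return (int)((size - MEM_MIN_BUCKET_SIZE) >> 3);
	return MEM_BUCKET_COUNT - 1;
}

/* 1 if the index could safely index an array of MEM_BUCKET_COUNT buckets. */
static int bucket_in_range(int bucket)
{
	return bucket >= 0 && bucket < MEM_BUCKET_COUNT;
}

int main(void)
{
	/* Constructed sample sizes covering all three ranges. */
	const zbx_uint64_t sizes[] = {8, 24, 32, 255, 256, 4096};
	size_t i;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("size %5llu: current=%3d (in range: %d)  proposed=%3d (in range: %d)\n",
				(unsigned long long)sizes[i],
				bucket_current(sizes[i]), bucket_in_range(bucket_current(sizes[i])),
				bucket_proposed(sizes[i]), bucket_in_range(bucket_proposed(sizes[i])));
	return 0;
}
```

With these constants the proposed version maps every size from 24 to 256 to the last bucket and returns 509 for a 4096-byte request, an index beyond a 30-entry bucket array.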

Comment by MATSUDA Daiki [ 2019 Jun 19 ]

It was just my mistake. Its algorithm does not have a bug.

Comment by Aleksejs Sestakovs [ 2019 Jun 19 ]

Thank you for the clarification. We will close the ticket.

Generated at Tue Apr 16 18:24:43 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.