[ZBX-16045] mem_bucket_by_size() has a big bug Created: 2019 Apr 26 Updated: 2019 Jun 20 Resolved: 2019 Jun 19 |
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Proxy (P), Server (S) |
Affects Version/s: | 3.0.27, 4.0.7, 4.2.1 |
Fix Version/s: | None |
Type: | Problem report | Priority: | Blocker |
Reporter: | MATSUDA Daiki | Assignee: | Zabbix Development Team |
Resolution: | Won't fix | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Team: | Team C |
Description |
src/libs/zbxmemory/memalloc.c: the mem_bucket_by_size() code is as follows:

    static int mem_bucket_by_size(zbx_uint64_t size)
    {
        if (size < MEM_MIN_BUCKET_SIZE)
            return 0;
        if (size < MEM_MAX_BUCKET_SIZE)
            return (size - MEM_MIN_BUCKET_SIZE) >> 3;
        return MEM_BUCKET_COUNT - 1;
    }

It must be as follows; especially, size over MEM_MAX_BUCKET_SIZE is a critical bug.

    static int mem_bucket_by_size(zbx_uint64_t size)
    {
        if (MEM_MIN_BUCKET_SIZE > size)
            return 0;
        if (MEM_MAX_BUCKET_SIZE < size)
            return (size - MEM_MIN_BUCKET_SIZE) >> 3;
        return MEM_BUCKET_COUNT - 1;
    }
Comments |
Comment by MATSUDA Daiki [ 2019 Apr 26 ] |
In addition, there are many unruled expressions in src/libs/zbxmemory/memalloc.c. In if(), the rule must be like the following |
Comment by MATSUDA Daiki [ 2019 Apr 26 ] |
Sorry, this is my mistake. But the if() expression should be corrected. |
Comment by Aleksejs Sestakovs [ 2019 Jun 18 ] |
Hi Daiki, Could you please explain why you think that there is a critical bug? If size exceeds MEM_MAX_BUCKET_SIZE then (MEM_BUCKET_COUNT - 1) will be returned as expected. Possible function outcomes:
Can you provide a scenario where the current mem_bucket_by_size() implementation leads to an error or other problem? |
Comment by MATSUDA Daiki [ 2019 Jun 19 ] |
It was just my mistake. Its algorithm does not have a bug. |
Comment by Aleksejs Sestakovs [ 2019 Jun 19 ] |
Thank you for the clarification. We will close the ticket. |
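The following is an added example, not code from the ticket or from Zabbix: it runs both versions quoted in the description over a range of sizes and counts how many return a bucket index outside 0 .. MEM_BUCKET_COUNT - 1. The three constant values and the helper names (bucket_current, bucket_proposed, count_out_of_range) are assumptions made for illustration; the ticket does not quote the definitions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the ticket does not quote them. */
#define MEM_MIN_BUCKET_SIZE 24
#define MEM_MAX_BUCKET_SIZE 256
#define MEM_BUCKET_COUNT ((MEM_MAX_BUCKET_SIZE - MEM_MIN_BUCKET_SIZE) / 8 + 1)

/* Version quoted in the description as the existing code. */
static int bucket_current(uint64_t size)
{
    if (size < MEM_MIN_BUCKET_SIZE)
        return 0;
    if (size < MEM_MAX_BUCKET_SIZE)
        return (int)((size - MEM_MIN_BUCKET_SIZE) >> 3);
    return MEM_BUCKET_COUNT - 1;
}

/* Version proposed in the description and later withdrawn by the reporter. */
static int bucket_proposed(uint64_t size)
{
    if (MEM_MIN_BUCKET_SIZE > size)
        return 0;
    if (MEM_MAX_BUCKET_SIZE < size)
        return (int)((size - MEM_MIN_BUCKET_SIZE) >> 3);
    return MEM_BUCKET_COUNT - 1;
}

/* Count sizes in [0, limit] whose index is not a valid bucket number. */
static int count_out_of_range(int (*fn)(uint64_t), uint64_t limit)
{
    int bad = 0;
    for (uint64_t size = 0; size <= limit; size++) {
        int idx = fn(size);
        if (idx < 0 || idx >= MEM_BUCKET_COUNT)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("bucket count: %d\n", MEM_BUCKET_COUNT);
    printf("current:  %d out-of-range\n", count_out_of_range(bucket_current, 4096));
    printf("proposed: %d out-of-range\n", count_out_of_range(bucket_proposed, 4096));
    return 0;
}
```

With these assumed constants the existing comparison order keeps every index inside the bucket array, while the swapped comparison lets the shift expression run unbounded for large sizes.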