There is no range check when setting GLIBC_TUNABLES=glibc.malloc.tcache_count=N. Given the tcache->counts[] array uses a char and there are no overflow checks on this array, the count can wrap around and cause assertion failures. Eg. export GLIBC_TUNABLES=glibc.malloc.tcache_count=4096 make bench ... Running /build/glibc/benchtests/bench-strcoll bench-strcoll: malloc.c:2949: tcache_get: Assertion `tcache->counts[tc_idx] > 0' failed. Aborted So the range of the tunable must be limited to the maximum range of the tcache counts array, which would be 127 for a char.
The master branch has been updated by Wilco Dijkstra <wilco@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ad533e8e65092be962e414e0417112c65d154fb commit 5ad533e8e65092be962e414e0417112c65d154fb Author: Wilco Dijkstra <wdijkstr@arm.com> Date: Fri May 10 16:38:21 2019 +0100 Fix tcache count maximum (BZ #24531) The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value.
Fixed for GLIBC 2.30.
The release/2.29/master branch has been updated by Wilco Dijkstra <wilco@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=95d66fecaabbc92ab53027e808f0fc1929c9f21a commit 95d66fecaabbc92ab53027e808f0fc1929c9f21a Author: Wilco Dijkstra <wdijkstr@arm.com> Date: Fri May 10 16:38:21 2019 +0100 Fix tcache count maximum (BZ #24531) The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. (cherry picked from commit 5ad533e8e65092be962e414e0417112c65d154fb)
The release/2.28/master branch has been updated by Wilco Dijkstra <wilco@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=58d2672f64176fcb323859d3bd5240fb1cf8f25c commit 58d2672f64176fcb323859d3bd5240fb1cf8f25c Author: Wilco Dijkstra <wdijkstr@arm.com> Date: Fri May 10 16:38:21 2019 +0100 Fix tcache count maximum (BZ #24531) The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. (cherry picked from commit 5ad533e8e65092be962e414e0417112c65d154fb)
The release/2.27/master branch has been updated by Wilco Dijkstra <wilco@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=54ba8bcd42355ad0c0ca763b6bba40a2b2829f38 commit 54ba8bcd42355ad0c0ca763b6bba40a2b2829f38 Author: Wilco Dijkstra <wdijkstr@arm.com> Date: Fri May 10 16:38:21 2019 +0100 Fix tcache count maximum (BZ #24531) The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. (cherry picked from commit 5ad533e8e65092be962e414e0417112c65d154fb)
The release/2.26/master branch has been updated by Wilco Dijkstra <wilco@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ac92c66821fae2ae6587114acc454f97a6bc7859 commit ac92c66821fae2ae6587114acc454f97a6bc7859 Author: Wilco Dijkstra <wdijkstr@arm.com> Date: Fri May 10 16:38:21 2019 +0100 Fix tcache count maximum (BZ #24531) The tcache counts[] array is a char, which has a very small range and thus may overflow. When setting tcache_count tunable, there is no overflow check. However the tunable must not be larger than the maximum value of the tcache counts[] array, otherwise it can overflow when filling the tcache. [BZ #24531] * malloc/malloc.c (MAX_TCACHE_COUNT): New define. (do_set_tcache_count): Only update if count is small enough. * manual/tunables.texi (glibc.malloc.tcache_count): Document max value. (cherry picked from commit 5ad533e8e65092be962e414e0417112c65d154fb)