Age | Commit message (Collapse) | Author |
|
|
|
|
|
Fix integer overflow when set a large maximum value for atom table
OTP-14796
|
|
|
|
When compiling Erlang source code, the literal area for the
module can only contain data types that have a literal
syntax.
However, it is possible to sneak in other data types
(such as references) in the literal pool by compiling from
abstract or assembly code. Those "fake literals" would work
fine, but would crash the runtime system when the module containing
the literals was purged.
Although fake literals are not officially supported, the
runtime should not crash when attempting to use them.
Therefore, fix the garbage collection of literals and releasing
of literal areas.
https://bugs.erlang.org/browse/ERL-508
|
|
* bjorn/base64-in-dumps/OTP-14686:
Use base64 encoding in crash dumps
Correct parsing of sub binaries
Generalize passing of options for decoding
|
|
|
|
This will reduce the size of crash dumps, especially if
there are large binaries.
|
|
MAX_ATOM_TABLE_SIZE
Currently, the max atom size on 64-bits Erlang is
((UWORD_CONSTANT(1) << 32) = 4294967296
This number will cause the range of atom size to be displayed as
[8192-0].
Also, the +t option for max atom size will be parsed as a long type, and
assigned to a int variable erts_atom_table_size (erl_init.c),
which will cause integer overflow if the number is larger than the
maximum value a 4-bytes signed integer can hold
((1 << 31) - 1) = 2147483647
Therefore, during the comparison
erts_atom_table_size < MIN_ATOM_TABLE_SIZE
any number above 2147483647 will be come negative, and causing
the condition to be true, which then errored out as bad atom table size.
Hence, the actual max atom size is same as the max signed int value.
|
|
When setting maximum atom table size using +t option, there will be a
integer overflow for a large size.
$ erl +t2147482625
ll_alloc: Cannot allocate 18446744073692774400 bytes of memory
(of type "atom_tab").
The overflow is caused by the arithmetic operations on int type.
When 2147482625 + 1024 it will become -2147483647 due to the signed
integerger overflow. Then the result will be resized to Uint type, which
is a unsigned long type, the negative int will first be expand to 64
bits long via sign extension, then change to unsigned type, which
becomes 18446744073692774400.
The fix is done by convert `limit` to Uint type before doing any
arithmetic operation. This will expand variable to 64 bits long type via
zero extension, then the following operation are all positive, therefore
no overflow will happen.
Note: here we assume the int `limit` passed in is always positive. If
some future change cause the `limit` passed in maybe negative, then the
current fix will also cause overflow.
|
|
|
|
* rickard/node-mon-proc-exit-race/OTP-14781:
Fix triggering of node monitors
|
|
|
|
|
|
when done by enif_free_env or enif_clear_env.
Do check before we free heap fragments.
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
inets: Prepare for release
inets: Add missing guard
Avoid WindowBits=8 as per the manual
Fix deflateParams on zlib 1.2.11
Ignore empty binaries in enif_inspect_iovec
Emasculate writable binaries on entering an iovec
Only apply EOS behaviors if there's pending data
Stop assuming that all schedulers are managed when updating msacc
|
|
* john/erts/msacc-dirty-schedulers/OTP-14707:
Stop assuming that all schedulers are managed when updating msacc
|
|
* sverker/systask-reqid-bug:
erts: Fix bug in systask scheduling
|
|
|
|
The lack of this caused serious data corruption when a binary was
altered after entering the queue. This went unnoticed because it
was never used without erlang:iolist_to_iovec, which always
emasculates binaries.
|
|
when request id is an immediate.
Ex:
erlang:garbage_collect(P, [{async,Immediate}]).
may crash the VM.
|
|
Native code does not register its literals in the code header for the
loaded code. Therefore, a literal created by native code can not be
found by mark_literal(). Ignore literals that can't be found instead
of crashing (the crasdump_viewer will report such literals as
incomplete heap data, but will not crash).
|
|
This fixes statistics_SUITE:msacc when dirty schedulers are used
during the test.
|
|
* maint-20:
Updated OTP version
Update release notes
Update version numbers
erts: Fix so that bind correct schedulers
Update version
Fix error handling when decoding an AVP with an alternate dictionary
Remove unused function arguments
Fix faulty recursion
vsn -> 2.1.2
Update appup for ERIERL-14684
Fix speling error 'sndbuf' -> 'recbuf'
Add zlib:set_controlling_process/2
|
|
When the cpu ids and scheduler ids don't match,
the end schedulers could end up not being bound
when they should be.
example:
> taskset -c 1-3 erl +S 4 +sbts
> erlang:system_info(scheduler_bindings).
{1,2,3,unbound}
This fix makes it so that all cores are used to
bind schedulers.
|
|
|
|
|
|
When a literal was used from several processes, the literal would
be dumped in only one of the processes. The other processes
that referenced the literals would have incomplete heap data.
|
|
Maps would be dumped as the atom 'undefined', which is
not very informative.
|
|
Writing of crash dumps were done using unbuffered IO. This
is slow since many small writes are done.
Use a FILE* with an allocated buffer to obtain buffered IO.
I wrote a small test program that created 50000 binaries of 200 bytes
each and then created a crash dump. The crash dumping was an order of
magnitude faster with buffered IO than without.
|
|
This reverts commit 0717a2194e863f3a78595184ccc5637697f03353, reversing
changes made to 71a40658a0cef8b3e25df3a8e48a72d0563a89bf.
|
|
* lukas/erts/tracing/recv_exit_signal_deadlock/OTP-14678:
erts: Fix lock order when recv tracing trapped exit signal
|
|
* lukas/erts/fix_caller_trace_for_apply_bifs/OTP-14677:
erts: Fix caller trace for apply bifs
|
|
|
|
* sverker/bad-dist-msg-bug/ERIERL-80/OTP-14661:
erts: Fix bug when detecting bad dist message
Add distribution_SUITE:bad_dist_ext_size
|
|
Bifs that are called through the export entry
using i_call_last could have their cp set to
return_trace, just like any other call. So we
have to unwind the trace stack to get the correct
cp. Not doing this creates a lot of issues for
fprof.
|
|
* sverker/bad-dist-msg-bug/ERIERL-80/OTP-14661:
erts: Fix bug when detecting bad dist message
Add distribution_SUITE:bad_dist_ext_size
|
|
* sverker/19/on_load-on_load-bug/OTP-14612:
erts: Fix 'on_load' tracing bug for modules with -on_load
code_SUITE:on_load_trace_on_load
|
|
maint-19
* sverker/19/binary_to_atom-utf8-crash/ERL-474/OTP-14590:
erts: Fix crash in binary_to_atom/term for invalid utf8
|
|
* rickard/timer-sid-bug/OTP-14548:
Fix scheduler id field in timers
|
|
|
|
We can't just leave it in queue with dist_ext=NULL.
Two symptoms seen:
1. 'receive' trying to deref dist_ext as NULL.
2. GC think it's a term and put THE_NON_VALUE in root set.
|
|
|
|
The byte_offset of sub-binaries wasn't taken into account for
ProcBins, subtly ruining the results. The test suite didn't catch
it since it didn't check for sub-binaries in particular, and only
checked for equality between variations -- not whether the output
was equal to the input.
|
|
sverker/on_load-on_load-bug/OTP-14612
|
|
Symptom: VM crash when erlang:trace_pattern(on_load, ..) is set and
module with -on_load is loaded.
Problem: Tracing and -on_load clash in their use of Export.beam[1]
Solution: Do not do call set_default_trace_pattern in finish_loading_1
for modules with -on_load. finish_after_on_load_2 will do that anyway.
|
|
* sverker/ets-fix-assert-fix:
erts: Fix faulty ASSERT of table fixation counter
|
|
* sverker/valgrind-fixes/OTP-14609:
erts: Suppress false memory leak for dlerror
[ct] Cleanup and rename purify related functions as valgrind
Revert "remove unused purify functions"
erts: Fix memory leak when sending to terminating port
erts: Fix harmless use of uninitialised value
|
|
* lukas/erts/fix_warnings:
Fix some clang warnings
Fix unused-functions warnings
|
|
|