From 6b912d7fdd5fca46dee840b0bfa6a92915c0a093 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Thu, 3 Dec 2015 14:39:31 +0100
Subject: erts: Fix bug in heap_factory_undo for FACTORY_HEAP_FRAGS mode

Make sure a heap fragment is not deallocated before all off_heap
terms have been cleared.

The fix assumes/asserts that the off_heap-lists of all additional
heap fragments are empty.

I think this bug has been harmless as hashmap nodes, which is only
ones (?) that can cause a factory to produce more heap,
are not linked in off_heap-list.
---
 erts/emulator/beam/erl_message.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'erts/emulator')

diff --git a/erts/emulator/beam/erl_message.c b/erts/emulator/beam/erl_message.c
index ef52823287..2a703fb102 100644
--- a/erts/emulator/beam/erl_message.c
+++ b/erts/emulator/beam/erl_message.c
@@ -1372,13 +1372,16 @@ void erts_factory_undo(ErtsHeapFactory* factory)
         break;
 
     case FACTORY_HEAP_FRAGS:
+	erts_cleanup_offheap(factory->off_heap);
+	factory->off_heap->first = NULL;
+
         bp = factory->heap_frags;
         do {
             ErlHeapFragment* next_bp = bp->next;
 
-            erts_cleanup_offheap(&bp->off_heap);
+            ASSERT(bp->off_heap.first == NULL);
             ERTS_HEAP_FREE(factory->alloc_type, (void *) bp,
-                           ERTS_HEAP_FRAG_SIZE(bp->size));
+                           ERTS_HEAP_FRAG_SIZE(bp->alloc_size));
             bp = next_bp;
         }while (bp != NULL);
 	break;
-- 
cgit v1.2.3