pleriche / FastMM5

FastMM is a fast replacement memory manager for Embarcadero Delphi applications that scales well across multiple threads and CPU cores, is not prone to memory fragmentation, and supports shared memory without the use of external .DLL files.

Crash due to ScanForCorruption in a multithreaded application #19

Open mterrisse opened 3 years ago

mterrisse commented 3 years ago

ScanForCorruptionBug.zip

Hello, we have problems in our multithreaded applications in debug mode after calls to ScanMemoryPoolForCorruptions(). Here is a console project that crashes with FastMM 5.03 (header or footer checksums are incorrect). It sets FullDebugModeScanMemoryPoolBeforeEveryOperation to True, enters debug mode and runs 5 threads that allocate and deallocate memory. The same code translated to FastMM4 works fine. I have noticed that it crashes even if I set CFastMM_SmallBlockArenaCount, CFastMM_MediumBlockArenaCount and CFastMM_LargeBlockArenaCount to 1.

I was not able to find what is wrong in FastMM code.

Regards,

Michel Terrisse

pleriche commented 3 years ago

Hi Michel,

Thank you for the bug report. It is due to a race condition: If a block is being reallocated or freed at the exact moment when FastMM_ScanDebugBlocksForCorruption is checking it for consistency it could potentially be detected as corrupted, even though in actuality it is fine.

The fix is to temporarily mark the block as not containing debug info while its debug header and footer are updated. This way FastMM_ScanDebugBlocksForCorruption will skip over it if it is in the process of being freed or reallocated. I've committed the fix to the repository.

Best regards, Pierre
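
The race and the fix described in the comment above, replayed deterministically as an added example (not part of the thread and not FastMM's code): the `scan_block` call inside `resize_block` stands in for a scanner thread arriving while the header is half updated. The struct, field and function names are hypothetical, and the checksum is a stand-in for the real header and footer checks.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a debug block. All names are hypothetical, not FastMM's. */
typedef struct {
    atomic_bool has_debug_info; /* scanner validates only blocks with this set */
    uint32_t user_size;         /* header field covered by the checksum */
    uint32_t header_checksum;
} debug_block;

typedef enum { SCAN_OK, SCAN_SKIPPED, SCAN_CORRUPT } scan_result;

static uint32_t header_sum(const debug_block *b) {
    return (b->user_size * 2654435761u) ^ 0xA5A5A5A5u;
}

void init_block(debug_block *b, uint32_t size) {
    b->user_size = size;
    b->header_checksum = header_sum(b);
    atomic_init(&b->has_debug_info, true);
}

/* The consistency check: blocks not flagged as carrying debug info are skipped. */
scan_result scan_block(debug_block *b) {
    if (!atomic_load_explicit(&b->has_debug_info, memory_order_acquire))
        return SCAN_SKIPPED;
    return b->header_checksum == header_sum(b) ? SCAN_OK : SCAN_CORRUPT;
}

/* A resize updates the header in two steps. The scan in the middle replays a
   scanner thread landing inside that window; its verdict is returned. */
scan_result resize_block(debug_block *b, uint32_t new_size, bool guarded) {
    if (guarded) atomic_store_explicit(&b->has_debug_info, false, memory_order_release);
    b->user_size = new_size;            /* checksum is stale from here ... */
    scan_result seen = scan_block(b);   /* scanner arrives mid-update */
    b->header_checksum = header_sum(b); /* ... until here */
    if (guarded) atomic_store_explicit(&b->has_debug_info, true, memory_order_release);
    return seen;
}

int main(void) {
    debug_block b;
    init_block(&b, 64);
    scan_result unguarded = resize_block(&b, 128, false); /* false positive */
    scan_result guarded = resize_block(&b, 256, true);    /* block is skipped */
    printf("unguarded=%d guarded=%d after=%d\n", unguarded, guarded, scan_block(&b));
}
```

The replay covers only a scan that starts inside the update window; it does not model a scan that has already passed the flag check when the update begins.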

mterrisse commented 3 years ago

Hello, I have tested your fix in our products and it works perfectly. We appreciate your reactivity on this issue. Thank you very much.

Best regards, Michel Terrisse