HP_MALLOC: Fix a shm_realloc() concurrency issue

On a fragment shrink operation, we must also grab the lock on the resulting fragment before inserting it (this cannot be an _unsafe operation!) Many thanks to 46Labs and Răzvan Crainea for helping troubleshoot this
OpenSIPS · Feb 4, 2020 · ff7ba6e · ff7ba6e
1 parent 7b4a54d
commit ff7ba6e
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/mem/hp_malloc_dyn.h b/mem/hp_malloc_dyn.h
@@ -1399,11 +1399,11 @@ void *hp_shm_realloc(struct hp_block *hpb, void *p, unsigned long size,
 	if (orig_size > size) {
 		/* shrink */
 		#if !defined INLINE_ALLOC && defined DBG_MALLOC
-		shm_frag_split_unsafe_dbg(hpb, f, size, file, "hp_realloc frag", line);
+		shm_frag_split_dbg(hpb, f, size, hash, file, "hp_realloc frag", line);
 		#elif !defined HP_MALLOC_DYN && !defined DBG_MALLOC
-		shm_frag_split_unsafe(hpb, f, size);
+		shm_frag_split(hpb, f, hash, size);
 		#else
-		shm_frag_split_unsafe(hpb, f, size, file, "hp_realloc frag", line);
+		shm_frag_split(hpb, f, size, hash, file, "hp_realloc frag", line);
 		#endif
 
 	} else if (orig_size < size) {
@@ -1482,11 +1482,11 @@ void *hp_rpm_realloc(struct hp_block *hpb, void *p, unsigned long size,
 	if (orig_size > size) {
 		/* shrink */
 		#if !defined INLINE_ALLOC && defined DBG_MALLOC
-		rpm_frag_split_unsafe_dbg(hpb, f, size, file, "hp_realloc frag", line);
+		rpm_frag_split_dbg(hpb, f, size, hash, file, "hp_realloc frag", line);
 		#elif !defined HP_MALLOC_DYN && !defined DBG_MALLOC
-		rpm_frag_split_unsafe(hpb, f, size);
+		rpm_frag_split(hpb, f, size, hash);
 		#else
-		rpm_frag_split_unsafe(hpb, f, size, file, "hp_realloc frag", line);
+		rpm_frag_split(hpb, f, size, hash, file, "hp_realloc frag", line);
 		#endif
 
 	} else if (orig_size < size) {