[Webkit-unassigned] [Bug 233831] New: [libpas] Bitfit allocator has a wrong assertion when a page's max_free is enough for the size of an allocation, not enough for that allocation's size class, and the object of that size is not aligned to the currently requested alignment
bugzilla-daemon at webkit.org
Fri Dec 3 11:15:42 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=233831
Bug ID: 233831
Summary: [libpas] Bitfit allocator has a wrong assertion when a
page's max_free is enough for the size of an
allocation, not enough for that allocation's size
class, and the object of that size is not aligned to
the currently requested alignment
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: bmalloc
Assignee: webkit-unassigned at lists.webkit.org
Reporter: fpizlo at apple.com
CC: ggaren at apple.com
What a combination of conditions:
- We just failed bitfit allocation in a page, which gives us some max_free (aka largest_available), and the allocation had nontrivial alignment.
- The max_free is smaller than the size class.
- The max_free is larger than the requested size.
- The max_free object is not aligned to the requested alignment.
The code handles this fine, but has a wrong assertion about it.
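The four conditions in the report can be reproduced in a small model of a bitmap page, given here as an added example that is not libpas code and not part of the original report. All names are hypothetical, the page is assumed to be 64 granules with a first-fit search for the requested size, and the model shows only that a failed aligned allocation can leave max_free larger than the requested size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT libpas code. One page of 64 granules; a set bit
   means the granule is free. Every name below is hypothetical. */
enum { GRANULES = 64 };

typedef struct {
    bool ok;                /* allocation succeeded */
    size_t offset;          /* granule index of the allocation when ok */
    size_t max_free;        /* largest free run rejected so far */
    size_t max_free_offset; /* granule index where that run starts */
} model_result;

/* First-fit search for `size` free granules at a multiple of `alignment`. */
static model_result model_try_allocate(uint64_t free_bits, size_t size, size_t alignment)
{
    model_result r = { false, 0, 0, 0 };
    size_t i = 0;
    while (i < GRANULES) {
        if (!((free_bits >> i) & 1)) { i++; continue; }
        size_t start = i;
        while (i < GRANULES && ((free_bits >> i) & 1)) i++;   /* i = end of run */
        size_t aligned = (start + alignment - 1) / alignment * alignment;
        if (aligned + size <= i) {
            r.ok = true; r.offset = aligned;
            return r;
        }
        if (i - start > r.max_free) { r.max_free = i - start; r.max_free_offset = start; }
    }
    return r;
}

/* True when a failed attempt matches all four conditions listed in the report. */
static bool model_matches_report(model_result r, size_t size, size_t size_class, size_t alignment)
{
    return !r.ok && alignment > 1            /* failed, nontrivial alignment */
        && r.max_free < size_class           /* smaller than the size class */
        && r.max_free > size                 /* larger than the requested size */
        && r.max_free_offset % alignment != 0; /* max_free object misaligned */
}

int main(void)
{
    /* Constructed input: granules 5..11 free, request 5 granules aligned to 8. */
    model_result r = model_try_allocate(0xFE0, 5, 8);
    printf("ok=%d max_free=%zu at %zu matches=%d\n", r.ok, r.max_free,
           r.max_free_offset, model_matches_report(r, 5, 8, 8));
    return 0;
}
```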