Auto merge of #3193 - str4d:b9856-badalloc-terminate, r=bitcartel

Terminate immediately when allocation fails Backport of bitcoin/bitcoin#9856 Closes #1498.
2018-05-01 02:09:51 -07:00 · 2018-05-01 02:09:51 -07:00 · 23f8b30c88
parent b300118002 aeb089ecc7
commit 23f8b30c88
4 changed files with 27 additions and 0 deletions
--- a/src/init.cpp
+++ b/src/init.cpp
@ -828,6 +828,8 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler)
    signal(SIGPIPE, SIG_IGN);
 #endif

+    std::set_new_handler(new_handler_terminate);
+
    // ********************************************************* Step 2: parameter interactions
    const CChainParams& chainparams = Params();

--- a/src/prevector.h
+++ b/src/prevector.h
@ -1,6 +1,9 @@
 #ifndef _BITCOIN_PREVECTOR_H_
 #define _BITCOIN_PREVECTOR_H_

+#include <util.h>
+
+#include <assert.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
@ -166,10 +169,15 @@ private:
            }
        } else {
            if (!is_direct()) {
+                /* FIXME: Because malloc/realloc here won't call new_handler if allocation fails, assert
+                    success. These should instead use an allocator or new/delete so that handlers
+                    are called as necessary, but performance would be slightly degraded by doing so. */
                _union.indirect = static_cast<char*>(realloc(_union.indirect, ((size_t)sizeof(T)) * new_capacity));
+                if (!_union.indirect) { new_handler_terminate(); }
                _union.capacity = new_capacity;
            } else {
                char* new_indirect = static_cast<char*>(malloc(((size_t)sizeof(T)) * new_capacity));
+                if (!new_indirect) { new_handler_terminate(); }
                T* src = direct_ptr(0);
                T* dst = reinterpret_cast<T*>(new_indirect);
                memcpy(dst, src, size() * sizeof(T));
--- a/src/util.cpp
+++ b/src/util.cpp
@ -17,6 +17,7 @@
 #include "utiltime.h"

 #include <stdarg.h>
+#include <stdio.h>

 #if (defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__))
 #include <pthread.h>
@ -179,6 +180,20 @@ static FILE* fileout = NULL;
 static boost::mutex* mutexDebugLog = NULL;
 static list<string> *vMsgsBeforeOpenLog;

+[[noreturn]] void new_handler_terminate()
+{
+    // Rather than throwing std::bad-alloc if allocation fails, terminate
+    // immediately to (try to) avoid chain corruption.
+    // Since LogPrintf may itself allocate memory, set the handler directly
+    // to terminate first.
+    std::set_new_handler(std::terminate);
+    fputs("Error: Out of memory. Terminating.\n", stderr);
+    LogPrintf("Error: Out of memory. Terminating.\n");
+
+    // The log was successful, terminate now.
+    std::terminate();
+};
+
 static int FileWriteStr(const std::string &str, FILE *fp)
 {
    return fwrite(str.data(), 1, str.size(), fp);
--- a/src/util.h
+++ b/src/util.h
@ -53,6 +53,8 @@ extern bool fLogIPs;
 extern std::atomic<bool> fReopenDebugLog;
 extern CTranslationInterface translationInterface;

+[[noreturn]] extern void new_handler_terminate();
+
 /**
 * Translation function: Call Translate signal on UI interface, which returns a boost::optional result.
 * If no translation slot is registered, nothing is returned, and simply return the input.