From c10b69eb64cd967d84c41c289a85ab15dcafd2df Mon Sep 17 00:00:00 2001
From: Cory Fields <cory-nospam-@coryfields.com>
Date: Fri, 24 Feb 2017 18:20:03 -0500
Subject: [PATCH 1/4] don't throw std::bad_alloc when out of memory. Instead,
 terminate immediately

---
 src/init.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/init.cpp b/src/init.cpp
index 7893afab9..852fd8b50 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -723,6 +723,19 @@ bool AppInitServers(boost::thread_group& threadGroup)
     return true;
 }
 
+[[noreturn]] static void new_handler_terminate()
+{
+    // Rather than throwing std::bad-alloc if allocation fails, terminate
+    // immediately to (try to) avoid chain corruption.
+    // Since LogPrintf may itself allocate memory, set the handler directly
+    // to terminate first.
+    std::set_new_handler(std::terminate);
+    LogPrintf("Error: Out of memory. Terminating.\n");
+
+    // The log was successful, terminate now.
+    std::terminate();
+};
+
 /** Initialize bitcoin.
  *  @pre Parameters should be parsed and config file should be read.
  */
@@ -784,6 +797,8 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler)
     signal(SIGPIPE, SIG_IGN);
 #endif
 
+    std::set_new_handler(new_handler_terminate);
+
     // ********************************************************* Step 2: parameter interactions
     const CChainParams& chainparams = Params();
 

From d207b81d2818da1753a06abc0d118b727fa505d3 Mon Sep 17 00:00:00 2001
From: Cory Fields <cory-nospam-@coryfields.com>
Date: Sat, 25 Feb 2017 01:06:25 -0500
Subject: [PATCH 2/4] prevector: assert successful allocation

---
 src/prevector.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/prevector.h b/src/prevector.h
index 3e80ef5d3..ffb26576b 100644
--- a/src/prevector.h
+++ b/src/prevector.h
@@ -1,6 +1,7 @@
 #ifndef _BITCOIN_PREVECTOR_H_
 #define _BITCOIN_PREVECTOR_H_
 
+#include <assert.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
@@ -166,10 +167,15 @@ private:
             }
         } else {
             if (!is_direct()) {
+                /* FIXME: Because malloc/realloc here won't call new_handler if allocation fails, assert
+                    success. These should instead use an allocator or new/delete so that handlers
+                    are called as necessary, but performance would be slightly degraded by doing so. */
                 _union.indirect = static_cast<char*>(realloc(_union.indirect, ((size_t)sizeof(T)) * new_capacity));
+                assert(_union.indirect);
                 _union.capacity = new_capacity;
             } else {
                 char* new_indirect = static_cast<char*>(malloc(((size_t)sizeof(T)) * new_capacity));
+                assert(new_indirect);
                 T* src = direct_ptr(0);
                 T* dst = reinterpret_cast<T*>(new_indirect);
                 memcpy(dst, src, size() * sizeof(T));

From 3c9dbf3ed8803f3675400abdbabb3aff308086c2 Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@z.cash>
Date: Mon, 23 Apr 2018 10:39:23 +0100
Subject: [PATCH 3/4] Improve best-effort logging before termination on OOM

Suggested by @kallewoof in bitcoin/bitcoin#9856
---
 src/init.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/init.cpp b/src/init.cpp
index 852fd8b50..39013e187 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -730,6 +730,7 @@ bool AppInitServers(boost::thread_group& threadGroup)
     // Since LogPrintf may itself allocate memory, set the handler directly
     // to terminate first.
     std::set_new_handler(std::terminate);
+    fputs("Error: Out of memory. Terminating.\n", stderr);
     LogPrintf("Error: Out of memory. Terminating.\n");
 
     // The log was successful, terminate now.

From aeb089ecc7718fdde16304073d13a2c1082f318e Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@z.cash>
Date: Thu, 26 Apr 2018 11:30:33 +0100
Subject: [PATCH 4/4] Attempt to log before terminating if prevector allocation
 fails

---
 src/init.cpp    | 14 --------------
 src/prevector.h |  6 ++++--
 src/util.cpp    | 15 +++++++++++++++
 src/util.h      |  2 ++
 4 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/init.cpp b/src/init.cpp
index 39013e187..52658f662 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -723,20 +723,6 @@ bool AppInitServers(boost::thread_group& threadGroup)
     return true;
 }
 
-[[noreturn]] static void new_handler_terminate()
-{
-    // Rather than throwing std::bad-alloc if allocation fails, terminate
-    // immediately to (try to) avoid chain corruption.
-    // Since LogPrintf may itself allocate memory, set the handler directly
-    // to terminate first.
-    std::set_new_handler(std::terminate);
-    fputs("Error: Out of memory. Terminating.\n", stderr);
-    LogPrintf("Error: Out of memory. Terminating.\n");
-
-    // The log was successful, terminate now.
-    std::terminate();
-};
-
 /** Initialize bitcoin.
  *  @pre Parameters should be parsed and config file should be read.
  */
diff --git a/src/prevector.h b/src/prevector.h
index ffb26576b..aad4c2717 100644
--- a/src/prevector.h
+++ b/src/prevector.h
@@ -1,6 +1,8 @@
 #ifndef _BITCOIN_PREVECTOR_H_
 #define _BITCOIN_PREVECTOR_H_
 
+#include <util.h>
+
 #include <assert.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -171,11 +173,11 @@ private:
                     success. These should instead use an allocator or new/delete so that handlers
                     are called as necessary, but performance would be slightly degraded by doing so. */
                 _union.indirect = static_cast<char*>(realloc(_union.indirect, ((size_t)sizeof(T)) * new_capacity));
-                assert(_union.indirect);
+                if (!_union.indirect) { new_handler_terminate(); }
                 _union.capacity = new_capacity;
             } else {
                 char* new_indirect = static_cast<char*>(malloc(((size_t)sizeof(T)) * new_capacity));
-                assert(new_indirect);
+                if (!new_indirect) { new_handler_terminate(); }
                 T* src = direct_ptr(0);
                 T* dst = reinterpret_cast<T*>(new_indirect);
                 memcpy(dst, src, size() * sizeof(T));
diff --git a/src/util.cpp b/src/util.cpp
index 19c400631..a38b5ed78 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -17,6 +17,7 @@
 #include "utiltime.h"
 
 #include <stdarg.h>
+#include <stdio.h>
 
 #if (defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__))
 #include <pthread.h>
@@ -179,6 +180,20 @@ static FILE* fileout = NULL;
 static boost::mutex* mutexDebugLog = NULL;
 static list<string> *vMsgsBeforeOpenLog;
 
+[[noreturn]] void new_handler_terminate()
+{
+    // Rather than throwing std::bad-alloc if allocation fails, terminate
+    // immediately to (try to) avoid chain corruption.
+    // Since LogPrintf may itself allocate memory, set the handler directly
+    // to terminate first.
+    std::set_new_handler(std::terminate);
+    fputs("Error: Out of memory. Terminating.\n", stderr);
+    LogPrintf("Error: Out of memory. Terminating.\n");
+
+    // The log was successful, terminate now.
+    std::terminate();
+};
+
 static int FileWriteStr(const std::string &str, FILE *fp)
 {
     return fwrite(str.data(), 1, str.size(), fp);
diff --git a/src/util.h b/src/util.h
index 392ddff9c..22949902d 100644
--- a/src/util.h
+++ b/src/util.h
@@ -53,6 +53,8 @@ extern bool fLogIPs;
 extern std::atomic<bool> fReopenDebugLog;
 extern CTranslationInterface translationInterface;
 
+[[noreturn]] extern void new_handler_terminate();
+
 /**
  * Translation function: Call Translate signal on UI interface, which returns a boost::optional result.
  * If no translation slot is registered, nothing is returned, and simply return the input.