ChallengeFind the bug in the fix–answer

time to read 2 min | 347 words

I am writing this answer before people had a chance to answer the actual challenge, so I hope people caught it. This was neither easy nor obvious to catch, because it was hiding with a pile of other stuff and the bug is a monster to figure out.

In case you need a reminder, here is the before & after code:

Look at line 18 in the second part. If we tried to allocate native memory and failed, we would try again, this this with the requested amount.

The logic here is that we typically want to request memory in power of 2 increments. So if asked for 17MB, we’ll allocate 32MB. This code is actually part of our memory allocator, which request memory from the operating system, so it is fine if we allocate more, we’ll just use that in a bit. However, if we don’t have enough memory to allocate 32MB, maybe we do have enough to allocate 17MB. And in many cases, we do, which allow the system to carry on operating.

Everyone is happy, right? Look at line 21 in the second code snippet. We set the allocated size to the size we wanted to allocate, not the actual size we allocated.

We allocated 17MB, we think we allocated 32MB, and now everything can happen.

This is a nasty thing to figure out. If you are lucky, this will generate an access violation when trying to get to that memory you think you own. If you are not lucky, this memory was actually allocated to your process, which means that you are now corrupting some totally random part of memory in funny ways. And that means that in some other time you’ll be start seeing funny behaviors and impossible results and tear your hair out trying to figure it out.

To make things worse, this is something that only happens when you run out of memory, so you are already suspicious about pretty much everything that is going on there. Nasty, nasty, nasty.

I might need a new category of bugs: “Stuff that makes you want to go ARGH!”

More posts in "Challenge" series:

  1. (13 Oct 2023) Fastest node selection metastable error state–answer
  2. (12 Oct 2023) Fastest node selection metastable error state
  3. (19 Sep 2023) Spot the bug
  4. (04 Jan 2023) what does this code print?
  5. (14 Dec 2022) What does this code print?
  6. (01 Jul 2022) Find the stack smash bug… – answer
  7. (30 Jun 2022) Find the stack smash bug…
  8. (03 Jun 2022) Spot the data corruption
  9. (06 May 2022) Spot the optimization–solution
  10. (05 May 2022) Spot the optimization
  11. (06 Apr 2022) Why is this code broken?
  12. (16 Dec 2021) Find the slow down–answer
  13. (15 Dec 2021) Find the slow down
  14. (03 Nov 2021) The code review bug that gives me nightmares–The fix
  15. (02 Nov 2021) The code review bug that gives me nightmares–the issue
  16. (01 Nov 2021) The code review bug that gives me nightmares
  17. (16 Jun 2021) Detecting livelihood in a distributed cluster
  18. (21 Apr 2020) Generate matching shard id–answer
  19. (20 Apr 2020) Generate matching shard id
  20. (02 Jan 2020) Spot the bug in the stream
  21. (28 Sep 2018) The loop that leaks–Answer
  22. (27 Sep 2018) The loop that leaks
  23. (03 Apr 2018) The invisible concurrency bug–Answer
  24. (02 Apr 2018) The invisible concurrency bug
  25. (31 Jan 2018) Find the bug in the fix–answer
  26. (30 Jan 2018) Find the bug in the fix
  27. (19 Jan 2017) What does this code do?
  28. (26 Jul 2016) The race condition in the TCP stack, answer
  29. (25 Jul 2016) The race condition in the TCP stack
  30. (28 Apr 2015) What is the meaning of this change?
  31. (26 Sep 2013) Spot the bug
  32. (27 May 2013) The problem of locking down tasks…
  33. (17 Oct 2011) Minimum number of round trips
  34. (23 Aug 2011) Recent Comments with Future Posts
  35. (02 Aug 2011) Modifying execution approaches
  36. (29 Apr 2011) Stop the leaks
  37. (23 Dec 2010) This code should never hit production
  38. (17 Dec 2010) Your own ThreadLocal
  39. (03 Dec 2010) Querying relative information with RavenDB
  40. (29 Jun 2010) Find the bug
  41. (23 Jun 2010) Dynamically dynamic
  42. (28 Apr 2010) What killed the application?
  43. (19 Mar 2010) What does this code do?
  44. (04 Mar 2010) Robust enumeration over external code
  45. (16 Feb 2010) Premature optimization, and all of that…
  46. (12 Feb 2010) Efficient querying
  47. (10 Feb 2010) Find the resource leak
  48. (21 Oct 2009) Can you spot the bug?
  49. (18 Oct 2009) Why is this wrong?
  50. (17 Oct 2009) Write the check in comment
  51. (15 Sep 2009) NH Prof Exporting Reports
  52. (02 Sep 2009) The lazy loaded inheritance many to one association OR/M conundrum
  53. (01 Sep 2009) Why isn’t select broken?
  54. (06 Aug 2009) Find the bug fixes
  55. (26 May 2009) Find the bug
  56. (14 May 2009) multi threaded test failure
  57. (11 May 2009) The regex that doesn’t match
  58. (24 Mar 2009) probability based selection
  59. (13 Mar 2009) C# Rewriting
  60. (18 Feb 2009) write a self extracting program
  61. (04 Sep 2008) Don't stop with the first DSL abstraction
  62. (02 Aug 2008) What is the problem?
  63. (28 Jul 2008) What does this code do?
  64. (26 Jul 2008) Find the bug fix
  65. (05 Jul 2008) Find the deadlock
  66. (03 Jul 2008) Find the bug
  67. (02 Jul 2008) What is wrong with this code
  68. (05 Jun 2008) why did the tests fail?
  69. (27 May 2008) Striving for better syntax
  70. (13 Apr 2008) calling generics without the generic type
  71. (12 Apr 2008) The directory tree
  72. (24 Mar 2008) Find the version
  73. (21 Jan 2008) Strongly typing weakly typed code
  74. (28 Jun 2007) Windsor Null Object Dependency Facility