Skip to content

buffer bound handling in jemalloc stats callback to avoid unintended growth#19334

Open
jmestwa-coder wants to merge 1 commit into
aptos-labs:mainfrom
jmestwa-coder:malloc-callback-bound-check
Open

buffer bound handling in jemalloc stats callback to avoid unintended growth#19334
jmestwa-coder wants to merge 1 commit into
aptos-labs:mainfrom
jmestwa-coder:malloc-callback-bound-check

Conversation

@jmestwa-coder

@jmestwa-coder jmestwa-coder commented Apr 4, 2026

Copy link
Copy Markdown
Contributor

Description

Fixes incorrect bound handling in the jemalloc stats callback (write_cb).

The callback previously used the buffer’s total capacity instead of the remaining space (capacity - len). This allowed the buffer to grow across multiple invocations, exceeding the intended limit and potentially triggering reallocation inside the callback, which is explicitly undesirable in this context.

This change ensures that each write is bounded by the remaining capacity. Once the buffer is full, the callback returns early and performs no further writes.


How Has This Been Tested?

  • Added unit tests to verify:
    • Buffer length never exceeds its capacity across multiple callback invocations
    • No capacity growth occurs after the buffer is full
    • Incoming data is correctly truncated to remaining space
    • Zero-capacity edge case behaves as expected
  • Verified behavior is deterministic and matches intended bounded-write semantics

Key Areas to Review

  • write_cb logic:
    • Uses capacity - len (via saturating_sub) to compute remaining space
    • Returns early when no space is left
    • Copies only the allowed number of bytes per invocation
  • Safety:
    • No changes to unsafe pointer usage or callback interface
    • No new allocations introduced in the callback path

Type of Change

  • Bug fix

Which Components or Systems Does This Change Impact?

  • Other (Admin Service)

Checklist

  • I have read and followed the CONTRIBUTING doc
  • I have performed a self-review of my own code
  • I tested both happy and unhappy path of the functionality

Note

Low Risk
Small, localized fix to admin-service malloc stats collection with no auth or data-path changes; reduces risk of unintended allocation during stats dumps.

Overview
Fixes bounded-write semantics in the admin service jemalloc malloc_stats_print callback (write_cb).

Previously each chunk was limited by the buffer’s total capacity, ignoring bytes already written. Repeated callbacks could push len past capacity, grow the Vec, and reallocate inside the callback—explicitly avoided on this path.

The callback now computes remaining space with capacity.saturating_sub(len), returns immediately when none is left, and copies at most min(remaining, chunk_len) bytes per invocation.

Reviewed by Cursor Bugbot for commit 9c66e8d. Bugbot is set up for automated code reviews on this repo. Configure here.

@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch from 577930e to 2afb2d9 Compare April 27, 2026 16:26
@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch from 2afb2d9 to 0f22457 Compare May 7, 2026 19:06
@jmestwa-coder

Copy link
Copy Markdown
Contributor Author

kindly review this PR. Thank you!

@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch 3 times, most recently from e23b1fe to 2804036 Compare May 11, 2026 13:50
@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch from 2804036 to f28eb96 Compare May 15, 2026 19:46
@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch from f28eb96 to 61d8222 Compare June 8, 2026 04:52
@jmestwa-coder jmestwa-coder force-pushed the malloc-callback-bound-check branch from 61d8222 to 9c66e8d Compare June 22, 2026 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant