From 88ca8d1a72d1d7ea86b6e48610e8aa9b428a83d8 Mon Sep 17 00:00:00 2001 From: Norman Feske Date: Thu, 6 Jan 2022 11:34:14 +0100 Subject: [PATCH] base: fix potential memory leak in allocator_avl When used by the 'Allocator_avl' the slab allocator's backing store is dynamically disabled and re-enabled while adding/freeing ranges. However, during those operations, slab entries can be freed. This, in turn, can result in the release of a slab block (when the freed slab entry happens to be the last entry of the block). In this corner case, 'Slab::_release_backing_store' operation has no effect because no backing-store allocator is set. As a result, the block is no longer referenced but not physically freed. The patch fixes the problem by skipping '_free_curr_sb' whenever no backing store is defined. So the completely empty block remains in the working set. Thanks to Peter for reporting and fixing this issue! Fixes #4367 --- repos/base/src/lib/base/slab.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/repos/base/src/lib/base/slab.cc b/repos/base/src/lib/base/slab.cc index f790b911d4..cf088b7e2d 100644 --- a/repos/base/src/lib/base/slab.cc +++ b/repos/base/src/lib/base/slab.cc @@ -438,7 +438,8 @@ void Slab::_free(void *addr) _curr_sb = █ while (_total_avail > 2*_entries_per_block && _num_blocks > 1 - && _curr_sb->avail() == _entries_per_block) { + && _curr_sb->avail() == _entries_per_block + && _backing_store) { _free_curr_sb(); } }
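Review bot: `_backing_store` cannot change while the `while` loop in `Slab::_free` runs, so the added `&& _backing_store` condition could be tested once before the loop (early return when no backing store is set) instead of being re-evaluated on every iteration; in either form, a short comment at the condition stating that blocks emptied while the backing store is disabled are deliberately kept in the working set would spare the next reader a trip to #4367. The comment should also make explicit the trade-off the fix accepts: such an empty block is only reclaimed by a later call to `_free` after the backing store has been re-enabled, so it stays allocated until then.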