Hi,
debugging a citus valgrind bleat I noticed that hash_create() accesses
the result of palloc(0) as an hash element:
HTAB *
hash_create(const char *tabname, long nelem, HASHCTL *info, int flags)
{
...
if ((flags & HASH_SHARED_MEM) ||
nelem < hctl->nelem_alloc)
{
if (!element_alloc(hashp, (int) nelem))
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("out of memory")));
}
...}
I.e. e call element_alloc with nelem = 0. There we then do:
static bool
element_alloc(HTAB *hashp, int nelem)
{
...
firstElement = (HASHELEMENT *) hashp->alloc(nelem * elementSize);
...
firstElement->link = hctlv->freeList;
}
which means we'll write to the result of palloc(0).
Do we consider this an API usage error that we want to fix?
Greetings,
Andres Freund