Explicitly guard against infinite loops in consistency check.

We don't want the consistency check to introduce instability.  So make
sure they don't loop indefinitely - either due to corrupted list or just
very large lists.

Signed-off-by: NeilBrown <neil@brown.name>

diff --git a/DOC/TODO.md b/DOC/TODO.md
index 043b199e446e5be7914462db32ba50052d82c169..9e532bfacbd8c6aee2b51cba8a18413304b4a4b0 100644 (file)
--- a/DOC/TODO.md
+++ b/DOC/TODO.md
@@ -127,7 +127,7 @@ Core features
 - [ ] catching doc:replace in a pane doesn't catch doc:insert-file.
       I need a simple way to intercept any change.
 - [X] switch-buffer in pop-up window - shouldn't kill the popup (does it?)
-- [ ] explicitly guard against infinite loops in consistency checks
+- [X] explicitly guard against infinite loops in consistency checks
 - [ ] skip consistency checks after several with no stop for input.
 - [ ] unwanted docs too easily appear high in recent-list - *Output*
 - [ ] design a way for a keystroke to interrupt a long-running function.

diff --git a/core-mark.c b/core-mark.c
index b110cf14cb919d4393230385ecfaea27381057f6..7f4d8e2b52e5acc7a140437c1904d9843ae60e40 100644 (file)
--- a/core-mark.c
+++ b/core-mark.c
@@ -1200,6 +1200,7 @@ void doc_check_consistent(struct doc *d safe)
        struct mark *m, *m2 = NULL;
        int seq = 0;
        int i;
+       int max = 1000;
        static bool warned = False;
 
        hlist_for_each_entry(m, &d->marks, all) {
@@ -1214,6 +1215,8 @@ void doc_check_consistent(struct doc *d safe)
                        warned = True;
                }
                m2 = m;
+               if (max-- < 0)
+                       break;
        }
        for (i = 0; d->views && i < d->nviews; i++)
                if (d->views[i].owner == NULL) {
@@ -1239,6 +1242,8 @@ void doc_check_consistent(struct doc *d safe)
                                if (m->seq < seq)
                                        abort();
                                seq = m->seq + 1;
+                               if (max-- < 0)
+                                       break;
                        }
                }
 }
@@ -1249,11 +1254,15 @@ bool marks_validate(struct mark *m1 safe, struct mark *m2 safe)
        struct doc *d = m1->owner->data;
        int found = 0;
        int ret;
+       int max = 1000;
 
        if (m1 == m2) {
-               for (m = mark_first(d); m; m = mark_next(m))
+               for (m = mark_first(d); m; m = mark_next(m)) {
                        if (m1 == m)
                                return True;
+                       if (max-- < 0)
+                               break;
+               }
                LOG("marks_validate: marks not found");
                return False;
        }
@@ -1261,9 +1270,12 @@ bool marks_validate(struct mark *m1 safe, struct mark *m2 safe)
                m = m1; m1 = m2; m2 = m;
        }
 
-       for (m = mark_first(d); m; m = mark_next(m))
+       for (m = mark_first(d); m; m = mark_next(m)) {
                if (m == m1 || m == m2)
                        found += 1;
+               if (max-- < 0)
+                       break;
+       }
        if (found != 2) {
                LOG("log_val_marks not both found, only %d", found);
                return False;

diff --git a/doc-multipart.c b/doc-multipart.c
index 1f262c5fc90a40e244bd4e0c15a36d04b264efbb..8edcdfd9e17bc026a676eb8fcaf5bb49d23e60da 100644 (file)
--- a/doc-multipart.c
+++ b/doc-multipart.c
@@ -152,12 +152,12 @@ static void mp_mark_refcnt(struct mark *m safe, int inc)
 
 static void mp_check_consistent(struct mp_info *mpi safe)
 {
-//     struct mark *m;
        struct doc *d = &mpi->doc;
-//     int s = -1;
-
-       doc_check_consistent(d);
 #if 0
+       struct mark *m;
+       int s = -1;
+       int max = 1000;
+
        for (m = mark_first(d); m; m = mark_next(m)) {
                if (!m->ref.m || m->ref.m->seq <= s) {
                        for (m = mark_first(d); m;
@@ -169,9 +169,11 @@ static void mp_check_consistent(struct mp_info *mpi safe)
                        abort();
                }
                s = m->ref.m->seq;
+               if (max-- < 0)
+                       break;
        }
-       doc_check_consistent(d);
 #endif
+       doc_check_consistent(d);
 }
 
 static void change_part(struct mp_info *mpi safe, struct mark *m safe,

diff --git a/doc-text.c b/doc-text.c
index 8d528f394df2d3ac35f1896a22bb0cf7810b116c..46c3c3488954234ad4230ea9513dd7020841c6ec 100644 (file)
--- a/doc-text.c
+++ b/doc-text.c
@@ -2087,16 +2087,20 @@ static void text_check_consistent(struct text *t safe)
        struct text_chunk *c;
        struct mark *m, *prev;
        struct doc *d = &t->doc;
-       int loops;
+       int loops = 10000;
 
        list_for_each_entry(c, &t->text, lst) {
                check_allocated(t, c->txt, c->end);
                if (c->start >= c->end)
                        abort();
+               if (loops-- < 0)
+                       break;
        }
        list_for_each_entry(c, &t->text, lst) {
                struct text_chunk *c2;
                list_for_each_entry(c2, &t->text, lst) {
+                       if (loops -- < 0)
+                               break;
                        if (c2 == c ||
                            c2->txt != c->txt)
                                continue;
@@ -2106,12 +2110,13 @@ static void text_check_consistent(struct text *t safe)
                                continue;
                        abort();
                }
+               if (loops-- < 0)
+                       break;
        }
 
        /* This test is quadratic in the number of marks, so let's
         * give up rather then annoy the users.
         */
-       loops = 10000;
        for (m = mark_first(d); m; m = mark_next(m))
                text_ref_consistent(t, &m->ref, &loops);
 
@@ -2130,6 +2135,8 @@ static void text_check_consistent(struct text *t safe)
                        }
                }
                prev = m;
+               if (loops-- < 0)
+                       break;
        }
        doc_check_consistent(d);
 }