Fix transient pointer deallocation in ByteArrayProxy

benalexau · benalexau · commit c91893a876e7 · 2025-10-25T19:23:06.000+11:00
JNR-FFI's TransientNativeMemory was prematurely deallocating off-heap memory before LMDB syscalls completed. Return transient pointers from BufferProxy.in() and use reachability fencing at all call sites to prevent premature GC. BufferProxy and KeyVal were also simplified to remove pointer address passing, given this is inexpensively available from the Pointer.address() accessor (which is backed by a final field). This is an API breaking change if external users implemented their own BufferProxy, however it is considered unlikely many (if any) users would have ever done this. Fixes #252
diff --git a/src/main/java/org/lmdbjava/BufferProxy.java b/src/main/java/org/lmdbjava/BufferProxy.java
@@ -107,30 +107,29 @@ protected Comparator<T> getComparator(DbiFlags... flags) {
    *
    * @param buffer the buffer to write to <code>MDB_val</code>
    * @param ptr the pointer to the <code>MDB_val</code>
-   * @param ptrAddr the address of the <code>MDB_val</code> pointer
+   * @return a transient pointer that must be kept alive, or null if none
    */
-  protected abstract void in(T buffer, Pointer ptr, long ptrAddr);
+  protected abstract Pointer in(T buffer, Pointer ptr);
 
   /**
    * Called when the <code>MDB_val</code> should be set to reflect the passed buffer.
    *
    * @param buffer the buffer to write to <code>MDB_val</code>
    * @param size the buffer size to write to <code>MDB_val</code>
    * @param ptr the pointer to the <code>MDB_val</code>
-   * @param ptrAddr the address of the <code>MDB_val</code> pointer
+   * @return a transient pointer that must be kept alive, or null if none
    */
-  protected abstract void in(T buffer, int size, Pointer ptr, long ptrAddr);
+  protected abstract Pointer in(T buffer, int size, Pointer ptr);
 
   /**
    * Called when the <code>MDB_val</code> may have changed and the passed buffer should be modified
    * to reflect the new <code>MDB_val</code>.
    *
    * @param buffer the buffer to write to <code>MDB_val</code>
    * @param ptr the pointer to the <code>MDB_val</code>
-   * @param ptrAddr the address of the <code>MDB_val</code> pointer
    * @return the buffer for <code>MDB_val</code>
    */
-  protected abstract T out(T buffer, Pointer ptr, long ptrAddr);
+  protected abstract T out(T buffer, Pointer ptr);
 
   /**
    * Create a new {@link KeyVal} to hold pointers for this buffer proxy.
diff --git a/src/main/java/org/lmdbjava/ByteArrayProxy.java b/src/main/java/org/lmdbjava/ByteArrayProxy.java
@@ -114,20 +114,22 @@ protected Comparator<byte[]> getUnsignedComparator() {
   }
 
   @Override
-  protected void in(final byte[] buffer, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final byte[] buffer, final Pointer ptr) {
     final Pointer pointer = MEM_MGR.allocateDirect(buffer.length);
     pointer.put(0, buffer, 0, buffer.length);
     ptr.putLong(STRUCT_FIELD_OFFSET_SIZE, buffer.length);
     ptr.putAddress(STRUCT_FIELD_OFFSET_DATA, pointer.address());
+    return pointer;
   }
 
   @Override
-  protected void in(final byte[] buffer, final int size, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final byte[] buffer, final int size, final Pointer ptr) {
     // cannot reserve for byte arrays
+    return null;
   }
 
   @Override
-  protected byte[] out(final byte[] buffer, final Pointer ptr, final long ptrAddr) {
+  protected byte[] out(final byte[] buffer, final Pointer ptr) {
     final long addr = ptr.getAddress(STRUCT_FIELD_OFFSET_DATA);
     final int size = (int) ptr.getLong(STRUCT_FIELD_OFFSET_SIZE);
     final Pointer pointer = MEM_MGR.newPointer(addr, size);
diff --git a/src/main/java/org/lmdbjava/ByteBufProxy.java b/src/main/java/org/lmdbjava/ByteBufProxy.java
@@ -136,21 +136,26 @@ protected byte[] getBytes(final ByteBuf buffer) {
   }
 
   @Override
-  protected void in(final ByteBuf buffer, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final ByteBuf buffer, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, buffer.writerIndex() - buffer.readerIndex());
     UNSAFE.putLong(
         ptrAddr + STRUCT_FIELD_OFFSET_DATA, buffer.memoryAddress() + buffer.readerIndex());
+    return null;
   }
 
   @Override
-  protected void in(final ByteBuf buffer, final int size, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final ByteBuf buffer, final int size, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, size);
     UNSAFE.putLong(
         ptrAddr + STRUCT_FIELD_OFFSET_DATA, buffer.memoryAddress() + buffer.readerIndex());
+    return null;
   }
 
   @Override
-  protected ByteBuf out(final ByteBuf buffer, final Pointer ptr, final long ptrAddr) {
+  protected ByteBuf out(final ByteBuf buffer, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     final long addr = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA);
     final long size = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE);
     UNSAFE.putLong(buffer, addressOffset, addr);
diff --git a/src/main/java/org/lmdbjava/ByteBufferProxy.java b/src/main/java/org/lmdbjava/ByteBufferProxy.java
@@ -221,20 +221,22 @@ private static final class ReflectiveProxy extends AbstractByteBufferProxy {
     }
 
     @Override
-    protected void in(final ByteBuffer buffer, final Pointer ptr, final long ptrAddr) {
+    protected Pointer in(final ByteBuffer buffer, final Pointer ptr) {
       ptr.putAddress(STRUCT_FIELD_OFFSET_DATA, address(buffer));
       ptr.putLong(STRUCT_FIELD_OFFSET_SIZE, buffer.remaining());
+      return null;
     }
 
     @Override
-    protected void in(
-        final ByteBuffer buffer, final int size, final Pointer ptr, final long ptrAddr) {
+    protected Pointer in(final ByteBuffer buffer, final int size, final Pointer ptr) {
       ptr.putLong(STRUCT_FIELD_OFFSET_SIZE, size);
       ptr.putAddress(STRUCT_FIELD_OFFSET_DATA, address(buffer));
+      return null;
     }
 
     @Override
-    protected ByteBuffer out(final ByteBuffer buffer, final Pointer ptr, final long ptrAddr) {
+    protected ByteBuffer out(final ByteBuffer buffer, final Pointer ptr) {
+      final long ptrAddr = ptr.address();
       final long addr = ptr.getAddress(STRUCT_FIELD_OFFSET_DATA);
       final long size = ptr.getLong(STRUCT_FIELD_OFFSET_SIZE);
       try {
@@ -269,20 +271,24 @@ private static final class UnsafeProxy extends AbstractByteBufferProxy {
     }
 
     @Override
-    protected void in(final ByteBuffer buffer, final Pointer ptr, final long ptrAddr) {
+    protected Pointer in(final ByteBuffer buffer, final Pointer ptr) {
+      final long ptrAddr = ptr.address();
       UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, buffer.remaining());
       UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA, address(buffer));
+      return null;
     }
 
     @Override
-    protected void in(
-        final ByteBuffer buffer, final int size, final Pointer ptr, final long ptrAddr) {
+    protected Pointer in(final ByteBuffer buffer, final int size, final Pointer ptr) {
+      final long ptrAddr = ptr.address();
       UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, size);
       UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA, address(buffer));
+      return null;
     }
 
     @Override
-    protected ByteBuffer out(final ByteBuffer buffer, final Pointer ptr, final long ptrAddr) {
+    protected ByteBuffer out(final ByteBuffer buffer, final Pointer ptr) {
+      final long ptrAddr = ptr.address();
       final long addr = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA);
       final long size = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE);
       UNSAFE.putLong(buffer, ADDRESS_OFFSET, addr);
diff --git a/src/main/java/org/lmdbjava/Cursor.java b/src/main/java/org/lmdbjava/Cursor.java
@@ -141,8 +141,8 @@ public boolean get(final T key, final T data, final SeekOp op) {
       checkNotClosed();
       txn.checkReady();
     }
-    kv.keyIn(key);
-    kv.valIn(data);
+    final Pointer transientKey = kv.keyIn(key);
+    final Pointer transientVal = kv.valIn(data);
 
     final int rc = LIB.mdb_cursor_get(ptrCursor, kv.pointerKey(), kv.pointerVal(), op.getCode());
 
@@ -153,6 +153,10 @@ public boolean get(final T key, final T data, final SeekOp op) {
     checkRc(rc);
     kv.keyOut();
     kv.valOut();
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
+    ReferenceUtil.reachabilityFence0(kv.key());
+    ReferenceUtil.reachabilityFence0(kv.val());
     ReferenceUtil.reachabilityFence0(key);
     return true;
   }
@@ -172,7 +176,7 @@ public boolean get(final T key, final GetOp op) {
       checkNotClosed();
       txn.checkReady();
     }
-    kv.keyIn(key);
+    final Pointer transientKey = kv.keyIn(key);
 
     final int rc = LIB.mdb_cursor_get(ptrCursor, kv.pointerKey(), kv.pointerVal(), op.getCode());
 
@@ -183,6 +187,9 @@ public boolean get(final T key, final GetOp op) {
     checkRc(rc);
     kv.keyOut();
     kv.valOut();
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(kv.key());
+    ReferenceUtil.reachabilityFence0(kv.val());
     ReferenceUtil.reachabilityFence0(key);
     return true;
   }
@@ -243,8 +250,8 @@ public boolean put(final T key, final T val, final PutFlags... op) {
       txn.checkReady();
       txn.checkWritesAllowed();
     }
-    kv.keyIn(key);
-    kv.valIn(val);
+    final Pointer transientKey = kv.keyIn(key);
+    final Pointer transientVal = kv.valIn(val);
     final int mask = mask(true, op);
     final int rc = LIB.mdb_cursor_put(ptrCursor, kv.pointerKey(), kv.pointerVal(), mask);
     if (rc == MDB_KEYEXIST) {
@@ -256,6 +263,8 @@ public boolean put(final T key, final T val, final PutFlags... op) {
       return false;
     }
     checkRc(rc);
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
     ReferenceUtil.reachabilityFence0(key);
     ReferenceUtil.reachabilityFence0(val);
     return true;
@@ -287,10 +296,12 @@ public void putMultiple(final T key, final T val, final int elements, final PutF
     if (SHOULD_CHECK && !isSet(mask, MDB_MULTIPLE)) {
       throw new IllegalArgumentException("Must set " + MDB_MULTIPLE + " flag");
     }
-    txn.kv().keyIn(key);
+    final Pointer transientKey = txn.kv().keyIn(key);
     final Pointer dataPtr = txn.kv().valInMulti(val, elements);
     final int rc = LIB.mdb_cursor_put(ptrCursor, txn.kv().pointerKey(), dataPtr, mask);
     checkRc(rc);
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(dataPtr);
     ReferenceUtil.reachabilityFence0(key);
     ReferenceUtil.reachabilityFence0(val);
   }
@@ -340,11 +351,13 @@ public T reserve(final T key, final int size, final PutFlags... op) {
       txn.checkReady();
       txn.checkWritesAllowed();
     }
-    kv.keyIn(key);
-    kv.valIn(size);
+    final Pointer transientKey = kv.keyIn(key);
+    final Pointer transientVal = kv.valIn(size);
     final int flags = mask(true, op) | MDB_RESERVE.getMask();
     checkRc(LIB.mdb_cursor_put(ptrCursor, kv.pointerKey(), kv.pointerVal(), flags));
     kv.valOut();
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
     ReferenceUtil.reachabilityFence0(key);
     return val();
   }
diff --git a/src/main/java/org/lmdbjava/Dbi.java b/src/main/java/org/lmdbjava/Dbi.java
@@ -83,8 +83,8 @@ public final class Dbi<T> {
           (keyA, keyB) -> {
             final T compKeyA = proxy.allocate();
             final T compKeyB = proxy.allocate();
-            proxy.out(compKeyA, keyA, keyA.address());
-            proxy.out(compKeyB, keyB, keyB.address());
+            proxy.out(compKeyA, keyA);
+            proxy.out(compKeyB, keyB);
             final int result = this.comparator.compare(compKeyA, compKeyB);
             proxy.deallocate(compKeyA);
             proxy.deallocate(compKeyB);
@@ -161,18 +161,21 @@ public boolean delete(final Txn<T> txn, final T key, final T val) {
       txn.checkWritesAllowed();
     }
 
-    txn.kv().keyIn(key);
+    final Pointer transientKey = txn.kv().keyIn(key);
 
     Pointer data = null;
+    Pointer transientVal = null;
     if (val != null) {
-      txn.kv().valIn(val);
+      transientVal = txn.kv().valIn(val);
       data = txn.kv().pointerVal();
     }
     final int rc = LIB.mdb_del(txn.pointer(), ptr, txn.kv().pointerKey(), data);
     if (rc == MDB_NOTFOUND) {
       return false;
     }
     checkRc(rc);
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
     ReferenceUtil.reachabilityFence0(key);
     ReferenceUtil.reachabilityFence0(val);
     return true;
@@ -232,14 +235,16 @@ public T get(final Txn<T> txn, final T key) {
       env.checkNotClosed();
       txn.checkReady();
     }
-    txn.kv().keyIn(key);
+    final Pointer transientKey = txn.kv().keyIn(key);
     final int rc = LIB.mdb_get(txn.pointer(), ptr, txn.kv().pointerKey(), txn.kv().pointerVal());
     if (rc == MDB_NOTFOUND) {
       return null;
     }
     checkRc(rc);
+    final T result = txn.kv().valOut(); // marked as out in LMDB C docs
+    ReferenceUtil.reachabilityFence0(transientKey);
     ReferenceUtil.reachabilityFence0(key);
-    return txn.kv().valOut(); // marked as out in LMDB C docs
+    return result;
   }
 
   /**
@@ -366,8 +371,8 @@ public boolean put(final Txn<T> txn, final T key, final T val, final PutFlags...
       txn.checkReady();
       txn.checkWritesAllowed();
     }
-    txn.kv().keyIn(key);
-    txn.kv().valIn(val);
+    final Pointer transientKey = txn.kv().keyIn(key);
+    final Pointer transientVal = txn.kv().valIn(val);
     final int mask = mask(true, flags);
     final int rc =
         LIB.mdb_put(txn.pointer(), ptr, txn.kv().pointerKey(), txn.kv().pointerVal(), mask);
@@ -380,6 +385,8 @@ public boolean put(final Txn<T> txn, final T key, final T val, final PutFlags...
       return false;
     }
     checkRc(rc);
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
     ReferenceUtil.reachabilityFence0(key);
     ReferenceUtil.reachabilityFence0(val);
     return true;
@@ -408,11 +415,13 @@ public T reserve(final Txn<T> txn, final T key, final int size, final PutFlags..
       txn.checkReady();
       txn.checkWritesAllowed();
     }
-    txn.kv().keyIn(key);
-    txn.kv().valIn(size);
+    final Pointer transientKey = txn.kv().keyIn(key);
+    final Pointer transientVal = txn.kv().valIn(size);
     final int flags = mask(true, op) | MDB_RESERVE.getMask();
     checkRc(LIB.mdb_put(txn.pointer(), ptr, txn.kv().pointerKey(), txn.kv().pointerVal(), flags));
     txn.kv().valOut(); // marked as in,out in LMDB C docs
+    ReferenceUtil.reachabilityFence0(transientKey);
+    ReferenceUtil.reachabilityFence0(transientVal);
     ReferenceUtil.reachabilityFence0(key);
     return txn.val();
   }
diff --git a/src/main/java/org/lmdbjava/DirectBufferProxy.java b/src/main/java/org/lmdbjava/DirectBufferProxy.java
@@ -134,23 +134,27 @@ protected byte[] getBytes(final DirectBuffer buffer) {
   }
 
   @Override
-  protected void in(final DirectBuffer buffer, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final DirectBuffer buffer, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     final long addr = buffer.addressOffset();
     final long size = buffer.capacity();
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA, addr);
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, size);
+    return null;
   }
 
   @Override
-  protected void in(
-      final DirectBuffer buffer, final int size, final Pointer ptr, final long ptrAddr) {
+  protected Pointer in(final DirectBuffer buffer, final int size, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     final long addr = buffer.addressOffset();
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA, addr);
     UNSAFE.putLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE, size);
+    return null;
   }
 
   @Override
-  protected DirectBuffer out(final DirectBuffer buffer, final Pointer ptr, final long ptrAddr) {
+  protected DirectBuffer out(final DirectBuffer buffer, final Pointer ptr) {
+    final long ptrAddr = ptr.address();
     final long addr = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_DATA);
     final long size = UNSAFE.getLong(ptrAddr + STRUCT_FIELD_OFFSET_SIZE);
     buffer.wrap(addr, (int) size);
diff --git a/src/main/java/org/lmdbjava/KeyVal.java b/src/main/java/org/lmdbjava/KeyVal.java
diff --git a/src/test/java/org/lmdbjava/ByteBufferProxyTest.java b/src/test/java/org/lmdbjava/ByteBufferProxyTest.java
