Fix dangling pointer glusterd_ac_send_friend_remove_req()#4653
Fix dangling pointer glusterd_ac_send_friend_remove_req()#4653ThalesBarretto wants to merge 2 commits intogluster:develfrom
Conversation
ThalesBarretto
force-pushed
the
thales_leak_glusterd_ac_send_friend_remove
branch
from
12a34f7 to
bad0e19
Compare
|
|
||
| if (!ret) { | ||
| new_event->peername = peerinfo->hostname; | ||
| new_event->peername = gf_strdup(peerinfo->hostname); |
There was a problem hiding this comment.
@ThalesBarretto This change looks correct. It doesn't look like peername is getting freed in all scenarios though?
@sanjurakonde Could you also verify this when you get time. I am merging this PR
There was a problem hiding this comment.
Actually now that I check the code, some code is not doing free and some are. Which one is the correct way @sanjurakonde ?
There was a problem hiding this comment.
Will wait for your response before merging.
There was a problem hiding this comment.
@pranithk @sanjurakonde i have introduced another commit to addres the leak, would you mind taking a look?
In `glusterd-sm.c` we always use use gf_strdup when assigning the peername, preventing a potential crash or invalid memory access But glusterd_ac_send_friend_remove_req() was inadvertely assigning directly, without using `strdup`, causing a dangling pointer problem which could potentially crash the application. This commit fixes that problem by using the `strdup()` pattern instead of the dangerous direct assignment. # xlators/mgmt/glusterd/src/glusterd-sm.c | 2 +- # 1 file changed, 1 insertion(+), 1 deletion(-)
ThalesBarretto
force-pushed
the
thales_leak_glusterd_ac_send_friend_remove
branch
from
bad0e19 to
0154173
Compare
Since glusterd_ac_send_friend_remove_req() now uses gf_strdup()
to assign event->peername, the event destructor must free it.
Add GF_FREE(event->peername) to glusterd_destroy_friend_event_context()
which is the canonical cleanup path for all friend SM events.
Also call glusterd_destroy_friend_event_context() on the early-exit
path in glusterd_friend_sm() (peerinfo not found), which was calling
GF_FREE(event) directly and leaking the peername string.
Signed-off-by: Thales Antunes de Oliveira Barretto <thales.barretto.git@gmail.com>
# xlators/mgmt/glusterd/src/glusterd-sm.c | 3 +++
# 1 file changed, 3 insertions(+)
|
@pranithk as you pointed out, there is a bigger blast radius - the pattern repeats. Another concern - about the state machine itsaelf - will be documented alsewhere, in a separate issue. I ask you now what do you prefer: keep this pr small (but incomplete) or open another (with proper issue filing) to address the same concern (memory, refcounting...) but at the file-level scope? |
2 participants
In
glusterd-sm.cwe always use use gf_strdup when assigningthe peername, preventing a potential crash or invalid memory access
But glusterd_ac_send_friend_remove_req() was inadvertely
assigning directly, without using
strdup, causing a dangling pointerproblem which could potentially crash the application.
Since glusterd_ac_send_friend_remove_req() now uses gf_strdup()
to assign event->peername, the event destructor must free it.
Add GF_FREE(event->peername) to glusterd_destroy_friend_event_context()
which is the canonical cleanup path for all friend SM events.
Also call glusterd_destroy_friend_event_context() on the early-exit
path in glusterd_friend_sm() (peerinfo not found), which was calling
GF_FREE(event) directly and leaking the peername string.
The first commit fixes that problem by using the
strdup()patterninstead of the dangerous direct assignment.
The second address the memory leak introduced by the first, with a
consistend pattern.