-
Notifications
You must be signed in to change notification settings - Fork 280
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix memory leak in tcp server by wiping priority queues on deletion. #1216
Conversation
toxcore/TCP_server.c
Outdated
@@ -222,6 +222,23 @@ static int add_accepted(TCP_Server *tcp_server, const Mono_Time *mono_time, cons | |||
return index; | |||
} | |||
|
|||
static void wipe_priority_list(TCP_Secure_Connection *con) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'll need to be called something else. https://travis-ci.org/TokTok/c-toxcore/jobs/434939506#L1504
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 3 of 3 files at r2.
Reviewable status: 1 change requests, 0 of 1 approvals obtained (waiting on @iphydf)
https://github.com/tox-rs/tox is your best friend =) The second 0day this year. |
This doesn't actually fix all the potential memleaks yet. e.g. in kill_TCP_server the TCP_Secure_Connections aren't wiped, so there could be unfreed priority queues. Similarly in realloc_connection. I'm also worried about the potential for double frees. This is going to take some care... is there anyone who's actually familiar with TCP_server.c and wouldn't mind helping out? |
@zugz what do you mean by "non-verbally"? How exactly did he communicate? Was it by taking down 3/4 of bootstrap nodes? Because if so, then that's a rather malicious way of communicating and tox-rs ain't no friend. |
* Saturday, 2018-09-29 at 12:36 -0700 - nurupo <notifications@github.com>:
@zugz what do you mean by "non-verbally"? How exactly did he
communicate? Was it by taking down 3/4 of bootstrap nodes?
That is what I meant.
|
Codecov Report
@@ Coverage Diff @@
## master #1216 +/- ##
========================================
- Coverage 82.8% 82.7% -0.2%
========================================
Files 82 82
Lines 14634 14647 +13
========================================
- Hits 12125 12120 -5
- Misses 2509 2527 +18
Continue to review full report at Codecov.
|
OK, this is ready for (re)review now, and I believe it now fully seals this source of memleaks rather than just dealing with the case exploited in #1214. There wasn't nearly as much further work as I was fearing in my previous comment. A word on my methodology here: I haven't actually grokked the entirety of TCP_server.c; rather, I searched for "TCP_Secure_Connection" and followed up on each hit. I don't see that I could be missing anything. Also, with these latest changes asan now passes on #1215 - and asan's previous failure there was what directly led me to finding the memleak, which incidentally I think we can read as a win for our testing regime! Anyway, please review carefully. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r4.
Reviewable status:complete! 1 change requests, 1 of 1 approvals obtained (waiting on @iphydf)
toxcore/TCP_server.c, line 134 at r4 (raw file):
static int alloc_new_connections(TCP_Server *tcp_server, uint32_t num) { uint32_t new_size = tcp_server->size_accepted_connections + num;
const
This is how I fixed it: irungentoo@bf69b54 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 3 files at r2, 1 of 1 files at r5.
Reviewable status:complete! 1 change requests, 1 of 1 approvals obtained (waiting on @iphydf)
This change is![Reviewable](https://camo.githubusercontent.com/23b05f5fb48215c989e92cc44cf6512512d083132bd3daf689867c8d9d386888/68747470733a2f2f72657669657761626c652e696f2f7265766965775f627574746f6e2e737667)