New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
librados: invalid free() in rados_getxattrs_next() #20260
Conversation
src/librados/librados.cc
Outdated
@@ -4281,14 +4281,17 @@ extern "C" int rados_getxattrs_next(rados_xattrs_iter_t iter, | |||
{ | |||
tracepoint(librados, rados_getxattrs_next_enter, iter); | |||
librados::RadosXattrsIter *it = static_cast<librados::RadosXattrsIter*>(iter); | |||
if(it->val) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/if(/if (/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the review. Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whitespace nit aside, looks good! can you push an update for that?
Also, can you add your attr test case to src/test/pybind/test_rados.py? |
Invalid free() can cause corruption when getting an object attribute with empty value. Check the validity of the pointer before free(). Also move the free() call at the start of rados_getxattrs_next() to avoid memory leak. Fixes: http://tracker.ceph.com/issues/22042 Signed-off-by: Gu Zhongyan <guzhongyan@360.cn>
to cover attribute with empty value case. Signed-off-by: Gu Zhongyan <guzhongyan@360.cn>
@liewegas, attr test case is also added. [guzhongyan@rg1-ceph10 ~/ceph/build/bin]$ PYTHONPATH=pybind nosetests ../../src/test/pybind/test_rados.py:TestIoctx.test_obj_xattrs after my fix, things look good.
|
retest this please. |
This may have caused issues in backport testing and it just doesn't seem correct. From #20381:
|
Invalid free() can cause corruption when getting an object
attribute with empty value.
Check the validity of the pointer before free(). Also move
the free() call at the start of rados_getxattrs_next() to
avoid memory leak.
Fixes: http://tracker.ceph.com/issues/22042
Signed-off-by: Gu Zhongyan guzhongyan@360.cn