New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[3.0.0] Error data flags can carry over from one error to another #12530
Comments
I am not so sure this is an error because, internally, the field does have a malloc'd buffer. It just so happens that the buffer is empty. The ERR stuff exposes too many internals, anyway. Since that is being deprecated, and it's not incorrect (although it is confusing), I would close this as "wontfix" because that code is going to vanish. I do think, however that the |
If you replace As a consumer of OpenSSL, I don't care if OpenSSL's internal error glue has a malloc'd buffer to cut down on allocator traffic, I care if there's an extra message string in the data component or not. It seems valuable to properly distinguish that for consumers. |
The issue for the ERR stuff right now is that the "internal error glue" is exposed in public header files. We missed this when we made most things opaque in a previous release. I can argue it's a feature that lets users safely manipulate internal state. |
Oh sure, I am definitely in favor of providing a minimal clean interface to the error state. This is just a case where the internal implementation details leak out into the public API in a way that could be avoided by e.g. creating a new internal-only flag for a cached allocation as you (I think) mentioned above. |
No, that idea of a new internal-only flag doesn't work, without creating a parallel structure to the current errinfo and keeping that private. While also populating the necessary fields out to the (unfortunately public) error state. The key question is given that much effort, why spend anything cleaning up an API that will be made opaque soon. |
If the data pointer is no longer going to be publicly exposed, then it seems reasonable to close this issue. What will the AIP to pull errors look like once it's all cleaned up out of curiosity? |
I am not a member of the project, but I would expect all API's to work except for the data structure and the "get state" function being made opaque and removed, respectively. |
An attempt to clear an error with malloced data didn't clear the flags. Now it clears all flags except the malloced flag. Fixes openssl#12530
I've created a PR with the flags fix, making the structures opaque will have to wait until after 3.0. |
An attempt to clear an error with malloced data didn't clear the flags. Now it clears all flags except the malloced flag. Fixes openssl#12530 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#15667)
Using the 3.0.0-alpha5 release, the flags component of an error is not properly cleared out from the error stack's internal storage. This results in errors created without any string data still reporting
ERR_TXT_STRING
andERR_TXT_MALLOCED
if the error's slot in the internal stack previously contained an error with malloced string data.As an example, here's a simple C program:
If you compile and run that, it prints
flags: 0
, as expected. However, if you uncomment the two lines that create the earlier error, it now printsflags: 3
(i.e.ERR_TXT_STRING | ERR_TXT_MALLOCED
), which is incorrect. The end result is that code that looks at the error sees an empty string for its data, rather than no string at all.It looks like this is the result of #9459, which avoids deallocating malloced data buffers to avoid allocator traffic. The logic should probably be adjusted to clear the flags unconditionally and track the fact that the buffer is still malloced somewhere else.
The text was updated successfully, but these errors were encountered: