fixed: freed wild pointer cause panic #31

Merged 2 commits on Jul 5, 2023

Contributor

@potats0 potats0 commented Jun 29, 2023

In APISIX on Ubuntu 22.04 arm64, calling coraza_free_intervention may cause a panic, because it.url and it.log are wild pointers. This does not happen on macOS.

@jcchavezs
Member

Please add a test and add the linux build tag, I think.

@potats0
Contributor Author

potats0 commented Jun 29, 2023

> Please add a test and add the linux build tag, I think.

Sure, wait for me.

@potats0 changed the title from "fixed: freed unused memory cause panic" to "fixed: freed wild pointer cause panic" on Jun 29, 2023

@anuraaga anuraaga left a comment

I don't think we need any additional test, this seems to cover it

coraza_free_intervention(intervention);

We don't actually seem to have a CI so separately we would need it eventually.

@@ -234,8 +234,6 @@ func coraza_free_intervention(it *C.coraza_intervention_t) C.int {
return 1
}
defer C.free(unsafe.Pointer(it))
C.free(unsafe.Pointer(it.log))
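
Review bot: dropping the `C.free(unsafe.Pointer(it.log))` call in `coraza_free_intervention` (the hunk shrinks from 8 lines to 6) stops the crash but leaves the field in the struct, still holding whatever the allocator returned. Either remove the unused fields together with the frees, or set them to nil where the intervention is allocated, so that a later change that starts populating or freeing them cannot act on an indeterminate pointer.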

I could be just missing it but I don't see log / url fields actually used - should we remove the fields too?

@potats0
Contributor Author

potats0 commented Jun 30, 2023

On macOS or OpenResty with arm64, uninitialized memory will be set to zero. But in APISIX 3.3.0 on Ubuntu, it will be set to 0x1fffffffe. That is what caused the segmentation fault.

@jcchavezs
Member

jcchavezs commented Jun 30, 2023 via email

@jcchavezs
Member

Any feedback @jptosso ?

@jptosso
Member

jptosso commented Jul 4, 2023

> On macOS or OpenResty with arm64, uninitialized memory will be set to zero. But in APISIX 3.3.0 on Ubuntu, it will be set to 0x1fffffffe. That is what caused the segmentation fault.

So for ARM we are going to have a memory leak?

@anuraaga
anuraaga commented Jul 4, 2023

@jptosso These pointers are never set to anything, so the question is whether we can just delete the fields themselves (currently free is being called on them which fails since they're not set to anything)
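
The failure mode discussed in this thread, as an added C example that is not part of the PR or of libcoraza: a struct whose pointer fields are never assigned is only safe to hand to free() if the allocation zeroed them. The struct is a hypothetical stand-in (only the `log` and `url` field names come from the thread), and the 0xA5 fill is a constructed stand-in for stale heap contents.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the intervention struct; `status` is assumed. */
typedef struct {
    int   status;
    char *log;
    char *url;
} intervention_t;

/* malloc() promises nothing about contents. The 0xA5 fill is a constructed,
   deterministic stand-in for a recycled block holding stale bytes. */
static intervention_t *alloc_dirty(void) {
    intervention_t *it = malloc(sizeof *it);
    if (it) memset(it, 0xA5, sizeof *it);
    return it;
}

/* Allocation that initialises every field, so log/url start as NULL. */
static intervention_t *alloc_zeroed(void) {
    intervention_t *it = malloc(sizeof *it);
    if (it) *it = (intervention_t){0};
    return it;
}

/* How many pointer fields a destructor would pass to free() as real addresses. */
static int fields_to_free(const intervention_t *it) {
    return (it->log != NULL) + (it->url != NULL);
}

/* Destructor: correct only if each field is NULL or came from malloc(). */
static int free_intervention(intervention_t *it) {
    if (it == NULL) return 1;
    free(it->log);   /* free(NULL) is a no-op */
    free(it->url);
    free(it);
    return 0;
}

int main(void) {
    intervention_t *dirty = alloc_dirty();
    intervention_t *clean = alloc_zeroed();
    if (!dirty || !clean) return 2;
    int bad = fields_to_free(dirty);  /* both fields look like live pointers */
    int ok  = fields_to_free(clean);  /* nothing to free */
    free(dirty);                      /* release the block only, never its fields */
    free_intervention(clean);
    return (bad == 2 && ok == 0) ? 0 : 1;
}
```

Passing the dirty struct to `free_intervention` would call free() on two addresses the allocator never returned, which is the crash reported in this PR.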

@jptosso
Member

jptosso commented Jul 4, 2023

@anuraaga I'm ok with it then, in the future we might have to implement them though.
Should we remove them in a different PR?

libcoraza/coraza.go (review thread resolved)
@jptosso jptosso self-requested a review July 4, 2023 09:05
@jcchavezs
Member

@potats0 could you please remove the log and url fields?

@potats0
Contributor Author

potats0 commented Jul 5, 2023

> @potats0 could you please remove the log and url fields?

OK, committed.

@jcchavezs jcchavezs merged commit 2b125ca into corazawaf:master Jul 5, 2023
2 checks passed