Fix dangling pointer glusterd_ac_send_friend_remove_req()#4653
Draft
ThalesBarretto wants to merge 2 commits intogluster:develfrom
Draft
Fix dangling pointer glusterd_ac_send_friend_remove_req()#4653ThalesBarretto wants to merge 2 commits intogluster:develfrom
ThalesBarretto wants to merge 2 commits intogluster:develfrom
Conversation
ThalesBarretto
force-pushed
the
thales_leak_glusterd_ac_send_friend_remove
branch
from
12a34f7 to
bad0e19
Compare
pranithk
previously approved these changes
Feb 16, 2026
|
|
||
| if (!ret) { | ||
| new_event->peername = peerinfo->hostname; | ||
| new_event->peername = gf_strdup(peerinfo->hostname); |
Member
There was a problem hiding this comment.
@ThalesBarretto This change looks correct. It doesn't look like peername is getting freed in all scenarios though?
@sanjurakonde Could you also verify this when you get time. I am merging this PR
Member
There was a problem hiding this comment.
Actually now that I check the code, some code is not doing free and some are. Which one is the correct way @sanjurakonde ?
Member
There was a problem hiding this comment.
Will wait for your response before merging.
Contributor
Author
There was a problem hiding this comment.
@pranithk @sanjurakonde i have introduced another commit to addres the leak, would you mind taking a look?
In `glusterd-sm.c` we always use use gf_strdup when assigning the peername, preventing a potential crash or invalid memory access But glusterd_ac_send_friend_remove_req() was inadvertely assigning directly, without using `strdup`, causing a dangling pointer problem which could potentially crash the application. This commit fixes that problem by using the `strdup()` pattern instead of the dangerous direct assignment. # xlators/mgmt/glusterd/src/glusterd-sm.c | 2 +- # 1 file changed, 1 insertion(+), 1 deletion(-)
ThalesBarretto
force-pushed
the
thales_leak_glusterd_ac_send_friend_remove
branch
from
bad0e19 to
0154173
Compare
Since glusterd_ac_send_friend_remove_req() now uses gf_strdup()
to assign event->peername, the event destructor must free it.
Add GF_FREE(event->peername) to glusterd_destroy_friend_event_context()
which is the canonical cleanup path for all friend SM events.
Also call glusterd_destroy_friend_event_context() on the early-exit
path in glusterd_friend_sm() (peerinfo not found), which was calling
GF_FREE(event) directly and leaking the peername string.
Signed-off-by: Thales Antunes de Oliveira Barretto <thales.barretto.git@gmail.com>
# xlators/mgmt/glusterd/src/glusterd-sm.c | 3 +++
# 1 file changed, 3 insertions(+)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In
glusterd-sm.cwe always use use gf_strdup when assigningthe peername, preventing a potential crash or invalid memory access
But glusterd_ac_send_friend_remove_req() was inadvertely
assigning directly, without using
strdup, causing a dangling pointerproblem which could potentially crash the application.
Since glusterd_ac_send_friend_remove_req() now uses gf_strdup()
to assign event->peername, the event destructor must free it.
Add GF_FREE(event->peername) to glusterd_destroy_friend_event_context()
which is the canonical cleanup path for all friend SM events.
Also call glusterd_destroy_friend_event_context() on the early-exit
path in glusterd_friend_sm() (peerinfo not found), which was calling
GF_FREE(event) directly and leaking the peername string.
The first commit fixes that problem by using the
strdup()patterninstead of the dangerous direct assignment.
The second address the memory leak introduced by the first, with a
consistend pattern.