bwrap: Second attempt at fixing an argv handling leak #237
Closed
pwithnall wants to merge 2 commits into containers:master from
A new test was added in commit c09c1e5, but the total number of tests wasn’t incremented. Fix that.
Signed-off-by: Philip Withnall <withnall@endlessm.com>

The first attempt caused a use-after-free because the arguments parsed from --args are passed to parse_args_recurse(), and the other cases there may take those pointers (without copying) into SetupOp structures, which persist after data is freed.
Fix that by treating data more like the argv to main(): an allocation which exists throughout the life of the program. Do that by hoisting its declaration out as a global, and then pulling the allocated data into a cleanup_free variable in main(), to tie its lifecycle to main().
The alternative is to strdup() each one of the argv elements when they are used in parse_args_recurse(), but that would mean a lot more allocations and frees, and a lot of code churn.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
containers#224
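The lifetime rule described in the commit message above, as an added example that is not bubblewrap's code or part of this pull request: a small model in which parsed options borrow pointers into the buffer read for `--args`, so the buffer has to stay allocated for as long as those options are used. `ModelOp`, `load_args`, `op_dest`, `release_args` and the sample arguments are assumptions made for the illustration.

```c
/* Added example: models the lifetime rule; not bubblewrap's source. */
#include <stdlib.h>
#include <string.h>

typedef struct { const char *source, *dest; } ModelOp; /* hypothetical stand-in for SetupOp */
static char *args_data;  /* owns the bytes read for --args until release_args() */
static ModelOp ops[8];
static int n_ops;

/* Constructed sample: NUL-separated arguments standing in for --args content. */
static const char sample[] = "--bind\0/srv/data\0/data\0--bind\0/etc\0/etc";

/* Split buf into argv-style pointers INTO buf; nothing is copied. */
static int split_nul(char *buf, size_t len, const char **argv, int max)
{
  int argc = 0;
  for (char *p = buf; p < buf + len && argc < max; p += strlen(p) + 1)
    argv[argc++] = p;
  return argc;
}

/* Keeps the argv pointers in ops[]: the borrowing the commit message describes. */
static void parse_model(int argc, const char **argv)
{
  for (int i = 0; i + 2 < argc && n_ops < 8; i += 3)
    if (strcmp(argv[i], "--bind") == 0)
      ops[n_ops++] = (ModelOp){ argv[i + 1], argv[i + 2] };
}

/* Copies raw into the long-lived buffer and parses it; returns the op count. */
int load_args(const char *raw, size_t len)
{
  const char *argv[24];
  if (!(args_data = malloc(len + 1))) return -1;
  memcpy(args_data, raw, len);
  args_data[len] = '\0';  /* guarantee the last string terminates */
  parse_model(split_nul(args_data, len, argv, 24), argv);
  /* Freeing args_data here would leave every ops[] pointer dangling. */
  return n_ops;
}

const char *op_dest(int i) { return (i >= 0 && i < n_ops) ? ops[i].dest : NULL; }

/* Owner and borrowers end together, once, at program teardown. */
void release_args(void) { n_ops = 0; free(args_data); args_data = NULL; }

int main(void) { int n = load_args(sample, sizeof sample - 1); release_args(); return n == 2 ? 0 : 1; }
```

Building the model with `-fsanitize=address` and moving the `free()` to the commented position in `load_args` makes the dangling read in `op_dest` callers show up as a heap-use-after-free report.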
Collaborator
Looks good. I'd r+ this if the bot trusted me.
Collaborator
@rh-atomic-bot delegate=smcv
✌️ @smcv can now approve this pull request
Collaborator
@smcv I sent you an invite as a collaborator.
Contributor Author
bubblewrap party! 🎈 🎊 🎆 🎁
Collaborator
rh-atomic-bot pushed a commit that referenced this pull request Oct 10, 2017
The first attempt caused a use-after-free because the arguments parsed from --args are passed to parse_args_recurse(), and the other cases there may take those pointers (without copying) into SetupOp structures, which persist after data is freed.
Fix that by treating data more like the argv to main(): an allocation which exists throughout the life of the program. Do that by hoisting its declaration out as a global, and then pulling the allocated data into a cleanup_free variable in main(), to tie its lifecycle to main().
The alternative is to strdup() each one of the argv elements when they are used in parse_args_recurse(), but that would mean a lot more allocations and frees, and a lot of code churn.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
#224
Closes: #237
Approved by: smcv
☀️ Test successful - status-papr