core: fix free undefined pointer when strdup failed in the first loop #20662
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yuwata
requested changes
Sep 8, 2021
yuwata
added
pid1
reviewed/needs-rework 🔨
|
another idea: use GREEDY_REALLOC0() instead of GREEDY_REALLOC() |
I didn't notice it,I‘m using GREEDY_REALLOC0() now |
yuwata
approved these changes
Sep 8, 2021
yuwata
added
good-to-merge/waiting-for-ci 👍
|
@poettering ptal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the first loop, if GREEDY_REALLOC success and strdup failed, free n may cause coredump, such as:
#0 0x00007f61c546f331 in free () from /usr/lib64/libc.so.6
#1 0x00007f61c51cc0f9 in strv_clear (l=, l=) at ../src/basic/strv.c:68
#2 0x00007f61c51cc129 in strv_free (l=0x55fa98a63a80) at ../src/basic/strv.c:74
#3 0x000055fa97b2a05f in strv_freep () at ../src/basic/strv.h:21
#4 config_parse_exec (unit=, filename=, line=, section=, section_line=, lvalue=, ltype=, rvalue=, data=, userdata=) at ../src/core/load-fragment.c:637
#5 0x00007f61c525b357 in next_assignment (userdata=0x55fa98a474f0, flags=CONFIG_PARSE_ALLOW_INCLUDE, rvalue=0x55fa98a639ea "/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only", lvalue=0x55fa98a639e0 "ExecStart", section_line=6, section=0x55fa98a63990 "Service", table=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, lookup=0x7f61c5257d40 <config_item_perf_lookup>, line=9, filename=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", unit=0x55fa98a1fda0 "dbus.service") at ../src/shared/conf-parser.c:133
#6 parse_line (unit=unit@entry=0x55fa98a1fda0 "dbus.service", filename=filename@entry=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", line=line@entry=9, sections=sections@entry=0x55fa97bc7771 "Unit", lookup=lookup@entry=0x7f61c5257d40 <config_item_perf_lookup>, table=table@entry=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, flags=CONFIG_PARSE_ALLOW_INCLUDE, section=0x7ffca42195c8, section_line=0x7ffca42195bc, section_ignored=0x7ffca42195bb, l=0x55fa98a639e0 "ExecStart", userdata=0x55fa98a474f0) at ../src/shared/conf-parser.c:260
#7 0x00007f61c525bb0d in config_parse (unit=0x55fa98a1fda0 "dbus.service", filename=0x55fa98a31cd0 "/usr/lib/systemd/user/dbus.service", f=0x55fa989ff5c0, sections=0x55fa97bc7771 "Unit", lookup=0x7f61c5257d40 <config_item_perf_lookup>, table=0x55fa97b7e0a0 <load_fragment_gperf_lookup>, flags=CONFIG_PARSE_ALLOW_INCLUDE, userdata=0x55fa98a474f0) at ../src/shared/conf-parser.c:381
#8 0x000055fa97b8ffa9 in load_from_path (u=0x55fa98a474f0, path=0x55fa98a1fda0 "dbus.service") at ../src/core/load-fragment.c:4879
#9 0x000055fa97b99605 in unit_load_fragment (u=0x55fa98a474f0) at ../src/core/load-fragment.c:4916
#10 0x000055fa97b2de32 in service_load.lto_priv.38 (u=) at ../src/core/service.c:767
#11 0x000055fa97b91ef4 in unit_load (u=0x55fa98a474f0) at ../src/core/unit.c:1563
#12 manager_dispatch_load_queue (m=) at ../src/core/manager.c:1961
#13 0x000055fa97b92718 in manager_load_unit (m=, name=, path=, e=, _ret=) at ../src/core/manager.c:2057
#14 0x000055fa97b94fb3 in manager_load_unit_from_dbus_path (m=0x55fa989fd290, s=, e=0x0, _u=0x7ffca4219918) at ../src/core/manager.c:3008
#15 0x000055fa97b3b622 in mac_selinux_filter (message=0x55fa98a47180, userdata=0x55fa989fd290, error=0x7ffca4219980) at ../src/core/dbus.c:272
#16 0x00007f61c52c7bc3 in process_filter (bus=bus@entry=0x55fa98a28a40, m=m@entry=0x55fa98a47180) at ../src/libsystemd/sd-bus/sd-bus.c:2616
#17 0x00007f61c52cc6ec in process_message (m=0x55fa98a47180, bus=0x55fa98a28a40) at ../src/libsystemd/sd-bus/sd-bus.c:2752
#18 process_running (ret=0x0, priority=0, hint_priority=false, bus=0x55fa98a28a40) at ../src/libsystemd/sd-bus/sd-bus.c:2806
#19 bus_process_internal (bus=bus@entry=0x55fa98a28a40, hint_priority=hint_priority@entry=false, priority=priority@entry=0, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3026
#20 0x00007f61c52ccadc in sd_bus_process (bus=bus@entry=0x55fa98a28a40, ret=ret@entry=0x0) at ../src/libsystemd/sd-bus/sd-bus.c:3053
#21 0x00007f61c52ccaf8 in io_callback.lto_priv.75 (s=, fd=, revents=, userdata=) at ../src/libsystemd/sd-bus/sd-bus.c:3405
#22 0x00007f61c51aa3d9 in source_dispatch (s=s@entry=0x55fa989fe810) at ../src/libsystemd/sd-event/sd-event.c:2929
#23 0x00007f61c51aa6cf in sd_event_dispatch (e=, e@entry=0x55fa989fde20) at ../src/libsystemd/sd-event/sd-event.c:3395
#24 0x00007f61c51aa919 in sd_event_run (e=, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3453
#25 0x000055fa97b0a199 in manager_loop (m=0x55fa989fd290) at ../src/core/manager.c:2962
#26 invoke_main_loop (m=0x55fa989fd290, saved_rlimit_nofile=, saved_rlimit_memlock=, ret_reexecute=, ret_retval=, ret_shutdown_verb=, ret_fds=, ret_switch_root_dir=, ret_switch_root_init=, ret_error_message=) at ../src/core/main.c:1734
#27 0x000055fa97af9eec in main (argc=2, argv=0x7ffca421a0b8) at ../src/core/main.c:2683