Source-Changes-HG archive


[src/trunk]: src/usr.bin/make make(1): fix double-free bug in -DCLEANUP mode ...



details:   https://anonhg.NetBSD.org/src/rev/f283ec2127ca
branches:  trunk
changeset: 976868:f283ec2127ca
user:      rillig <rillig%NetBSD.org@localhost>
date:      Mon Oct 05 19:30:37 2020 +0000

description:
make(1): fix double-free bug in -DCLEANUP mode (since 2020-10-02)

The bug had been introduced with dir.c 1.155 on 2020-10-02 22:20:25.  In
that commit, openDirectories was replaced with a combination of a list
with a hash table, for more efficient lookup by name.

Upon cleanup, OpenDirs_Done is called, which in turn called
Dir_ClearPath.  Dir_ClearPath takes full ownership of the given list and
empties it.  This was no problem before since afterwards the list was
empty and calling Lst_Free just frees the remaining list pointer.

With OpenDirs, this list was combined with a hash table, and the hash
table contains the list nodes, assuming that the OpenDirs functions have
full ownership of both the list and the hash table.  This assumption was
generally correct, except for the one moment during cleanup where full
ownership of the list was passed to Dir_ClearPath, while the hash table
still contained pointers to the (now freed) list nodes.  This by itself
was not a problem since the hash table would be freed afterwards.  But
as part of Dir_ClearPath, OpenDirs_Remove was called, which looked up
the freed directory by name and now found the freed list node, trying to
free it again.  Boom.

Fixed by replacing the call to Dir_ClearPath with code that only frees
the directories, without giving up control over the list.

diffstat:

 usr.bin/make/dir.c |  12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diffs (33 lines):

diff -r 6f6f8c0b74ce -r f283ec2127ca usr.bin/make/dir.c
--- a/usr.bin/make/dir.c        Mon Oct 05 19:27:47 2020 +0000
+++ b/usr.bin/make/dir.c        Mon Oct 05 19:30:37 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dir.c,v 1.158 2020/10/05 19:27:47 rillig Exp $ */
+/*     $NetBSD: dir.c,v 1.159 2020/10/05 19:30:37 rillig Exp $ */
 
 /*
  * Copyright (c) 1988, 1989, 1990 The Regents of the University of California.
@@ -135,7 +135,7 @@
 #include "job.h"
 
 /*     "@(#)dir.c      8.2 (Berkeley) 1/2/94"  */
-MAKE_RCSID("$NetBSD: dir.c,v 1.158 2020/10/05 19:27:47 rillig Exp $");
+MAKE_RCSID("$NetBSD: dir.c,v 1.159 2020/10/05 19:30:37 rillig Exp $");
 
 #define DIR_DEBUG0(text) DEBUG0(DIR, text)
 #define DIR_DEBUG1(fmt, arg1) DEBUG1(DIR, fmt, arg1)
@@ -234,7 +234,13 @@
 static void MAKE_ATTR_UNUSED
 OpenDirs_Done(OpenDirs *odirs)
 {
-    Dir_ClearPath(odirs->list);
+    CachedDirListNode *ln = odirs->list->first;
+    while (ln != NULL) {
+        CachedDirListNode *next = ln->next;
+        CachedDir *dir = ln->datum;
+        Dir_Destroy(dir);      /* removes the dir from odirs->list */
+        ln = next;
+    }
     Lst_Free(odirs->list);
     Hash_DeleteTable(&odirs->table);
 }
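Review bot: In OpenDirs_Done, the new loop relies on assumptions that only the trailing comment on the Dir_Destroy line hints at. Dir_Destroy must unlink ln from odirs->list, which is why next is saved first. Going by the commit message, that removal goes through a by-name lookup in the hash table, so Hash_DeleteTable(&odirs->table) has to stay after the loop. A short comment above the loop saying why Dir_ClearPath must not be called here (it takes ownership of the list while the table still points at the nodes) would keep someone from simplifying this back to the one-line call. Consider also asserting odirs->list->first == NULL before Lst_Free(odirs->list), so that a Dir_Destroy call that leaves a node in the list is caught in -DCLEANUP builds instead of passing silently.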


