fix(userspace/libsinsp): avoid a possible source of segfault in sinsp::next #1423
…nsp next. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
@@ -1223,6 +1223,8 @@ int32_t sinsp::next(OUT sinsp_evt **puevt) | |||
sinsp_evt* evt; | |||
int32_t res; | |||
|
|||
*puevt = NULL; |
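Review bot: the new `*puevt = NULL;` at the top of `sinsp::next` dereferences `puevt` unconditionally and carries no comment stating the contract it sets up. Consider a one-line comment saying that the event pointer stays NULL unless a later path assigns it, so that future early returns keep that guarantee, and note there that callers must pass a non-null `puevt`.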
Force set `puevt` to NULL at start of function.
@@ -1297,8 +1299,6 @@ int32_t sinsp::next(OUT sinsp_evt **puevt) | |||
{ | |||
m_external_event_processor->process_event(NULL, libsinsp::EVENT_RETURN_TIMEOUT); | |||
} | |||
*puevt = NULL; | |||
return res; |
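Review bot: in the timeout branch after `m_external_event_processor->process_event(NULL, libsinsp::EVENT_RETURN_TIMEOUT);`, dropping the local `*puevt = NULL;` and `return res;` makes this path depend on an assignment and a return that both sit outside the hunk. A short comment at the closing brace naming where `*puevt` is cleared and where the function returns would keep the next reader from re-adding the pair, and it is worth confirming that nothing between this branch and that return runs for non-success values of `res`.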
Avoid multiple `return`s here; just use the return at L1339 that was already there.
Also, *puevt is now always NULL here.
} | ||
|
||
for(uint32_t j = 0; j < nfdr; j++) | ||
if(ptinfo) |
Here `return res` would return `SCAP_SUCCESS` but `*puevt` was not set. Instead, avoid dropping an event altogether, since here it was not even parsed/processed.
nice catch! :)
/hold
/cc @gnosek @Andreagit97
/milestone 0.14.0 But of course this can become a 0.13.3 if needed.
I like this, definitely a nice cleanup, though I'd go a step further. I'd change:
```cpp
if(res != SCAP_SUCCESS)
{
    if(res == SCAP_FOO)
    {
        // ... and so on
    }
    return res;
}
// much much later
*puevt = evt;
return res;
```

to a switch:

```cpp
*puevt = NULL;
switch(res)
{
case SCAP_SUCCESS:
    *puevt = evt;
    break;
case SCAP_FILTERED_EVENT:
    *puevt = evt; // we do have an event so why not, I guess?
    // ...
    return res;
// etc.
}
// here res == SCAP_SUCCESS and *puevt is valid so we can return whenever
```
} | ||
|
||
for(uint32_t j = 0; j < nfdr; j++) | ||
if(ptinfo) |
nice catch! :)
But then in this case #1423 (comment) we'd need to set
... or just don't set it in the switch. Either way, I'm not going to fight too much over it :D
…o matching `ptinfo` is found. Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
/unhold
…out. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Andreagit97, FedeDP, jasondellaluce
/milestone 0.13.3
What type of PR is this?
/kind bug
Any specific area of the project related to this PR?
/area libsinsp
What this PR does / why we need it:
Avoid returning SCAP_SUCCESS without setting `*puevt` pointed data.
Which issue(s) this PR fixes:
Refs falcosecurity/falco#2878
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
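
The out-parameter contract this PR restores (a success result implies a set `*puevt`, every other result leaves it NULL), as an added example that is not libsinsp code. It uses the clear-first, switch-on-result shape suggested in the review and adds a checker a test can run against every result code; `toy_evt`, `toy_source`, `toy_next`, `contract_holds` and the `RC_*` codes are hypothetical stand-ins.

```cpp
// Added illustration, not libsinsp code: toy_evt, toy_source, toy_next and RC_*
// are hypothetical stand-ins for sinsp_evt, the capture source, sinsp::next(), SCAP_*.
#include <cstddef>
#include <cstdint>

enum toy_rc : int32_t { RC_SUCCESS = 0, RC_TIMEOUT = 1, RC_EOF = 2 };
struct toy_evt { uint64_t num; };

// Constructed source: replays one scripted result code per call.
struct toy_source {
	const toy_rc* script; size_t len; size_t pos; toy_evt slot;
	toy_rc fetch(toy_evt** out) {
		if(pos >= len) { return RC_EOF; }
		toy_rc rc = script[pos++];
		if(rc == RC_SUCCESS) { slot.num = pos; *out = &slot; }
		return rc;
	}
};

// Shape of the fix: clear the out-parameter first, then assign it only on
// the path that returns RC_SUCCESS.
int32_t toy_next(toy_source& src, toy_evt** puevt) {
	toy_evt* evt = NULL;
	*puevt = NULL;
	int32_t res = src.fetch(&evt);
	switch(res) {
	case RC_SUCCESS:
		*puevt = evt;
		break;
	default: // timeout, EOF: the caller must not see an event
		return res;
	}
	return res; // here res == RC_SUCCESS and *puevt is valid
}

// Contract check: RC_SUCCESS <=> non-NULL event. The out-parameter is
// poisoned first so a path that never writes it is caught too.
bool contract_holds(toy_source& src) {
	toy_evt poison = {0};
	toy_evt* out = &poison;
	int32_t res = toy_next(src, &out);
	if(out == &poison) { return false; }
	return (res == RC_SUCCESS) == (out != NULL);
}

int main() {
	static const toy_rc script[] = {RC_SUCCESS, RC_TIMEOUT, RC_SUCCESS}; // constructed
	toy_source src = {script, 3, 0, {0}};
	for(int i = 0; i < 4; i++) { if(!contract_holds(src)) { return 1; } }
	return 0;
}
```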