Fix use-after-free in btree code #84

Closed

ryao commented Sep 17, 2022

Recently, Coverity static analysis found a use-after-free bug in the btree code in openzfs/zfs. It had been detected causing problems in the wild on debug builds in 2020:

openzfs/zfs#10989

On non-debug builds, it will just silently cause undefined behavior. In any case, I could not find my old account for illumos.org, so I decided to file a pull request to inform people since in my opinion, it is a fairly critical bug.

This did not cleanly apply, since there were additional changes to btree.c in openzfs/zfs made by this commit:

openzfs/zfs@c0bf952

Anyway, I manually applied the change to produce the commit in this PR. I hope this is helpful.

Coverity static analysis found these.

Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Neal Gompa <ngompa@datto.com>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>

ryao commented Sep 17, 2022

You might want to port the other commit too, since it is a performance improvement.


tsoome commented Sep 17, 2022

> You might want to port the other commit too, since it is a performance improvement.

Yes, it is still waiting in my queue....


tsoome commented Sep 17, 2022

> Recently, Coverity static analysis found a use-after-free bug in the btree code in openzfs/zfs. It had been detected causing problems in the wild on debug builds in 2020:
>
> openzfs/zfs#10989
>
> On non-debug builds, it will just silently cause undefined behavior. In any case, I could not find my old account for illumos.org, so I decided to file a pull request to inform people since in my opinion, it is a fairly critical bug.
>
> This did not cleanly apply, since there were additional changes to btree.c in openzfs/zfs made by this commit:
>
> openzfs/zfs@c0bf952
>
> Anyway, I manually applied the change to produce the commit in this PR. I hope this is helpful.

Thanks!

I'll pick it up...


ryao commented Dec 27, 2022

It appears that this has been fixed in d80dfda.

ryao closed this Dec 27, 2022