Team C
[ZBX-13339] Possible use of freed memory when removing old data from valuecache Created: 2018 Jan 16 Updated: 2024 Apr 10 Resolved: 2018 Mar 14 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Server (S) |
| Affects Version/s: | 2.2.21 |
| Fix Version/s: | 3.0.16rc1, 3.4.8rc1, 4.0.0alpha5, 4.0 (plan) |
| Type: | Problem report | Priority: | Trivial |
| Reporter: | Andris Zeila | Assignee: | Michael Veksler |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | valuecache | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Team: | Team C |
| Sprint: | Sprint 28, Sprint 29 |
| Story Points: | 0.5 |
| Description |
|
The following code uses chunk's first_value and last_value properties after the chunk is freed. In current memory allocator implementation it works normally, as the freed memory block is not changed by current process and valuecache shared memory is locked during this operation and cannot be changed by other processes. However the approach is obviously wrong and there might be problems if the memory allocator is changed in future, so it's better to fix it. static size_t vch_item_free_chunk(zbx_vc_item_t *item, zbx_vc_chunk_t *chunk) { size_t freed; freed = vc_item_free_values(item, chunk->slots, chunk->first_value, chunk->last_value); __vc_mem_free_func(chunk); return freed + sizeof(zbx_vc_chunk_t) + (chunk->last_value - chunk->first_value) * sizeof(zbx_history_record_t); } |
| Comments |
| Comment by Andris Zeila [ 2018 Mar 08 ] |
|
Successfully tested. |