-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make evdns_cancel_request() safe for canceling requests with scheduled-to-run or running callbacks. #1561
base: master
Are you sure you want to change the base?
Conversation
…d-to-run or running callbacks. Previously, evdns_base_clear_nameservers_and_suspend() would call evdns_cancel_request() to cancel a probe request (server->probe_request) before freeing a nameserver object (server). However, if the request's callback was already scheduled by the event loop (handle->pending_cb is set), evdns_cancel_request() would not cancel it effectively. The callback would run and access the already-freed namserver object.
Hm, some tests failed, can you please take a look? |
@azat the problem is that
hm, maybe that's why this "we might need to refcount here" comment is here. In principal, there is a problem in the existing code too. I'll see how to address this. Suggestions are of course welcome. Updated On the other hand, there is this code https://github.com/libevent/libevent/blob/master/evdns.c#L5344 handling Hmm, how outrageous would it be to schedule a delayed destruction of |
All this is too complex...
Not sure that it is a great idea since it may leave evdns in some corner cases (like
This looks like the best way for now to avoid extra complexity for this patch As a long-term goal I think we need refcnt for evdns_base to avoid use-after-free, we can do it the same way as it is done in bufferevents, decref and free check on unlock and in evdns_base_free. |
Previously,
evdns_base_clear_nameservers_and_suspend()
would callevdns_cancel_request()
to cancel a probe request (server->probe_request
) before freeing a nameserver object (server
). However, if the request's callback was already scheduled by the event loop (handle->pending_cb
is set),evdns_cancel_request()
would not cancel it effectively. The callback would run and access the freed nameserver object.