-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix potential Null pointer dereference in test-ratelim.c #1602
base: master
Are you sure you want to change the base?
Conversation
325b364
to
905ac1a
Compare
test/test-ratelim.c
Outdated
@@ -195,10 +195,12 @@ echo_listenercb(struct evconnlistener *listener, evutil_socket_t newsock, | |||
struct bufferevent *bev; | |||
|
|||
bev = bufferevent_socket_new(base, newsock, flags); | |||
assert(bev); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not good error handler, let's close fd and write an error
test/test-ratelim.c
Outdated
@@ -449,10 +451,12 @@ test_ratelimiting(void) | |||
ms100_common = event_base_init_common_timeout(base, &tv); | |||
|
|||
periodic_level_check = event_new(base, -1, EV_PERSIST, check_group_bucket_levels_cb, NULL); | |||
assert(periodic_level_check); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should have cleanup error handler
test/test-ratelim.c
Outdated
event_add(periodic_level_check, ms100_common); | ||
|
||
if (cfg_group_drain && ratelim_group) { | ||
group_drain_event = event_new(base, -1, EV_PERSIST, group_drain_cb, NULL); | ||
assert(group_drain_event); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same
OK, I'll fix them |
I just move some |
7aaac9e
to
d7181d6
Compare
You can run
|
74bcc16
to
5eb95de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apart from one comment looks ok
@@ -256,8 +269,10 @@ check_group_bucket_levels_cb(evutil_socket_t fd, short events, void *arg) | |||
static void | |||
group_drain_cb(evutil_socket_t fd, short events, void *arg) | |||
{ | |||
bufferevent_rate_limit_group_decrement_read(ratelim_group, cfg_group_drain); | |||
bufferevent_rate_limit_group_decrement_write(ratelim_group, cfg_group_drain); | |||
if (ratelim_group) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should never be called when ratelim_group is NULL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#1 0x557e063d31e8 in group_drain_cb /home/runner/work/libevent/libevent/test/test-ratelim.c:271:2
I add this check to solve the null pointer dereference here. I don't understand why the code before my modifications didn't cause a crash...something wrong?
Now it fails
|
No description provided.