[Libguestfs] [PATCH libnbd 2/9] golang: aio_buffer.go: Make it safer to use
Eric Blake
eblake at redhat.com
Tue Feb 8 20:37:58 UTC 2022
On Sun, Jan 30, 2022 at 01:33:30AM +0200, Nir Soffer wrote:
> If a Go program tries to use AioBuffer after calling AioBuffer.Free(),
> the program may silently corrupt data, accessing memory that does not
> belong to the buffer any more, or segfault if the address is not mapped.
> In the worst case, it can corrupt memory silently. Calling Free() twice
> may silently free unrelated memory.
>
> Make the buffer safer to use by Freeing only on the first call and
> setting the pointer to nil. This makes multiple calls to Free()
> harmless, just like the underlying C.free().
>
> Trying to access Bytes() and Get() after calling Free() will always
> panic now, revealing the bug in the program.
>
> Trying to use AioBuffer with libnbd API will likely segfault and panic.
> I did not try to test this.
>
> Signed-off-by: Nir Soffer <nsoffer at redhat.com>
> ---
> golang/aio_buffer.go | 5 +++-
> golang/libnbd_620_aio_buffer_test.go | 41 ++++++++++++++++++++++++++++
> 2 files changed, 45 insertions(+), 1 deletion(-)
>
> diff --git a/golang/aio_buffer.go b/golang/aio_buffer.go
> index 2bc69a01..2b77d6ee 100644
> --- a/golang/aio_buffer.go
> +++ b/golang/aio_buffer.go
> @@ -46,20 +46,23 @@ func MakeAioBuffer(size uint) AioBuffer {
> func FromBytes(buf []byte) AioBuffer {
> size := len(buf)
> ret := MakeAioBuffer(uint(size))
> for i := 0; i < len(buf); i++ {
> *ret.Get(uint(i)) = buf[i]
> }
> return ret
> }
>
> func (b *AioBuffer) Free() {
> - C.free(b.P)
> + if b.P != nil {
> + C.free(b.P)
> + b.P = nil
> + }
Good.
> +++ b/golang/libnbd_620_aio_buffer_test.go
> @@ -53,20 +53,61 @@ func TestAioBuffer(t *testing.T) {
See patch 1 comments about the file name. Otherwise looks good.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
More information about the Libguestfs
mailing list