[Libguestfs] [PATCH libnbd 2/9] golang: aio_buffer.go: Make it safer to use

[Eric Blake]

On Sun, Jan 30, 2022 at 01:33:30AM +0200, Nir Soffer wrote:
> If a Go program tries to use AioBuffer after calling AioBuffer.Free(),
> the program may silently corrupt data, accessing memory that does not
> belong to the buffer any more, or segfault if the address is not mapped.
> In the worst case, it can corrupt memory silently. Calling Free() twice
> may silently free unrelated memory.
> 
> Make the buffer safer to use by Freeing only on the first call and
> setting the pointer to nil. This makes multiple calls to Free()
> harmless, just like the underlying C.free().
> 
> Trying to access Bytes() and Get() after calling Free() will always
> panic now, revealing the bug in the program.
> 
> Trying to use AioBuffer with libnbd API will likely segfault and panic.
> I did not try to test this.
> 
> Signed-off-by: Nir Soffer <nsoffer at redhat.com>
> ---
>  golang/aio_buffer.go                 |  5 +++-
>  golang/libnbd_620_aio_buffer_test.go | 41 ++++++++++++++++++++++++++++
>  2 files changed, 45 insertions(+), 1 deletion(-)
> 
> diff --git a/golang/aio_buffer.go b/golang/aio_buffer.go
> index 2bc69a01..2b77d6ee 100644
> --- a/golang/aio_buffer.go
> +++ b/golang/aio_buffer.go
> @@ -46,20 +46,23 @@ func MakeAioBuffer(size uint) AioBuffer {
>  func FromBytes(buf []byte) AioBuffer {
>  	size := len(buf)
>  	ret := MakeAioBuffer(uint(size))
>  	for i := 0; i < len(buf); i++ {
>  		*ret.Get(uint(i)) = buf[i]
>  	}
>  	return ret
>  }
>  
>  func (b *AioBuffer) Free() {
> -	C.free(b.P)
> +	if b.P != nil {
> +		C.free(b.P)
> +		b.P = nil
> +	}

Good.

> +++ b/golang/libnbd_620_aio_buffer_test.go
> @@ -53,20 +53,61 @@ func TestAioBuffer(t *testing.T) {

See patch 1 comments about the file name.  Otherwise looks good.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org