On Sun, Jan 30, 2022 at 01:33:30AM +0200, Nir Soffer wrote:
If a Go program tries to use AioBuffer after calling AioBuffer.Free(),
the program may silently corrupt data, accessing memory that does not
belong to the buffer any more, or segfault if the address is not mapped.
In the worst case, it can corrupt memory silently. Calling Free() twice
may silently free unrelated memory.
Make the buffer safer to use by freeing only on the first call and
setting the pointer to nil. This makes multiple calls to Free()
harmless, just like the underlying C.free().
Trying to access Bytes() and Get() after calling Free() will always
panic now, revealing the bug in the program.
Trying to use AioBuffer with libnbd API will likely segfault and panic.
I did not try to test this.
Signed-off-by: Nir Soffer <nsoffer(a)redhat.com>
---
golang/aio_buffer.go | 5 +++-
golang/libnbd_620_aio_buffer_test.go | 41 ++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/golang/aio_buffer.go b/golang/aio_buffer.go
index 2bc69a01..2b77d6ee 100644
--- a/golang/aio_buffer.go
+++ b/golang/aio_buffer.go
@@ -46,20 +46,23 @@ func MakeAioBuffer(size uint) AioBuffer {
func FromBytes(buf []byte) AioBuffer {
size := len(buf)
ret := MakeAioBuffer(uint(size))
for i := 0; i < len(buf); i++ {
*ret.Get(uint(i)) = buf[i]
}
return ret
}
func (b *AioBuffer) Free() {
- C.free(b.P)
+ if b.P != nil {
+ C.free(b.P)
+ b.P = nil
+ }
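Review bot: In Free(), `b.P = nil` only clears the one AioBuffer value the method was called on. MakeAioBuffer() and FromBytes() return AioBuffer by value, so a copy of the struct made before Free() still holds the old pointer, and calling Free() on that copy is still a double free. Worth stating this in a doc comment on Free(), or handing out *AioBuffer so there is a single P to clear.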
Good.
+++ b/golang/libnbd_620_aio_buffer_test.go
@@ -53,20 +53,61 @@ func TestAioBuffer(t *testing.T) {
See patch 1 comments about the file name. Otherwise looks good.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
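The guard added to Free() in the patch, and the one case it does not cover (a struct copy taken before the call), modelled without cgo. This is an added example, not libnbd code: `heap`, `Buffer`, `demo` and `errDoubleFree` are hypothetical names, and the set of live handles stands in for the C allocator so that a double free is reported rather than corrupting memory.

```go
package main

import "errors"

var errDoubleFree = errors.New("double free")

// heap is a constructed stand-in for the C allocator: the set of live handles.
type heap map[int]bool

func (h heap) free(id int) error {
	if !h[id] {
		return errDoubleFree
	}
	delete(h, id)
	return nil
}

// Buffer is a hypothetical model of AioBuffer; P == 0 plays the role of nil.
type Buffer struct {
	h heap
	P int
}

// Free applies the guard from the patch: release once, then clear P.
func (b *Buffer) Free() error {
	if b.P == 0 {
		return nil
	}
	err := b.h.free(b.P)
	b.P = 0
	return err
}

// demo frees a buffer twice, then frees a value copy taken before the first Free().
func demo() (second, viaCopy error) {
	h := heap{1: true} // handle 1 is the only live allocation
	b := Buffer{h: h, P: 1}
	c := b // the copy keeps the old handle; clearing b.P does not reach it
	b.Free()
	return b.Free(), c.Free()
}

func main() {
	second, viaCopy := demo()
	println("repeat Free is a no-op:", second == nil)
	println("Free on the copy is a double free:", viaCopy == errDoubleFree)
}
```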