This is an automated email from the ASF dual-hosted git repository.
kezhuw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 4e999c870 ZOOKEEPER-4809: Fix adaptor threads use-after-free when log
level is debug (#2139)
4e999c870 is described below
commit 4e999c8708656ab18ea466607ee9859b517b680a
Author: fanyang <[email protected]>
AuthorDate: Fri Aug 2 12:58:40 2024 +0800
ZOOKEEPER-4809: Fix adaptor threads use-after-free when log level is debug
(#2139)
When the log level is debug, the log callback has to be obtained from the
already-freed zhandle, resulting in a use-after-free.
---
zookeeper-client/zookeeper-client-c/src/mt_adaptor.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c
b/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c
index 4e6e1b6bf..174701c73 100644
--- a/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c
+++ b/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c
@@ -359,6 +359,7 @@ unsigned __stdcall do_io( void * v)
void *do_io(void *v)
#endif
{
+ log_callback_fn log_fn;
zhandle_t *zh = (zhandle_t*)v;
#ifndef WIN32
struct pollfd fds[2];
@@ -456,8 +457,9 @@ void *do_io(void *v)
if(is_unrecoverable(zh))
break;
}
- api_epilog(zh, 0);
- LOG_DEBUG(LOGCALLBACK(zh), "IO thread terminated");
+ log_fn = LOGCALLBACK(zh);
+ api_epilog(zh, 0);
+ LOG_DEBUG(log_fn, "IO thread terminated");
return 0;
}
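Review bot: Nothing at the reordered lines before `return 0;` in do_io records why the callback is read before `api_epilog(zh, 0)`, so a later cleanup could fold it back into `LOG_DEBUG(LOGCALLBACK(zh), ...)` and reintroduce the use-after-free. Going by the commit message, zh may already be freed once api_epilog returns, so I would add `/* zh may be freed by api_epilog(); read the log callback first and do not touch zh afterwards */` above `log_fn = LOGCALLBACK(zh);`. The same comment belongs above `fn = LOGCALLBACK(zh);` in the last do_completion hunk. The body of do_io starts outside this hunk.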
@@ -468,6 +470,7 @@ void *do_completion(void *v)
#endif
{
zhandle_t *zh = v;
+ log_callback_fn fn;
api_prolog(zh);
notify_thread_ready(zh);
LOG_DEBUG(LOGCALLBACK(zh), "started completion thread");
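Review bot: The local added here is named `fn`, while the identical local in do_io is `log_fn`; one name in both thread functions would make the two teardown paths easier to compare and grep. I would declare it as `log_callback_fn log_fn;` and use `log_fn = LOGCALLBACK(zh);` and `LOG_DEBUG(log_fn, "completion thread terminated");` in the following hunk. do_completion's body continues outside this hunk.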
@@ -479,8 +482,9 @@ void *do_completion(void *v)
pthread_mutex_unlock(&zh->completions_to_process.lock);
process_completions(zh);
}
- api_epilog(zh, 0);
- LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated");
+ fn = LOGCALLBACK(zh);
+ api_epilog(zh, 0);
+ LOG_DEBUG(fn, "completion thread terminated");
return 0;
}