Bug#991005: marked as done (unblock: corosync/3.1.2-2)

[Debian Bug Tracking System]

Your message dated Tue, 13 Jul 2021 12:43:53 +0000
with message-id <e1m3hlr-0006eh...@respighi.debian.org>
and subject line unblock corosync
has caused the Debian Bug report #991005,
regarding unblock: corosync/3.1.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991005
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please age package corosync

  * [f641780] New patch: stats: fix crash when iterating over deleted keys.
    Cherry-picked from v3.1.4.
(change by Ferenc Wágner)

autopkgtest for corosync/3.1.2-2: amd64: Pass, arm64: Pass, armhf: Pass, i386: 
Pass, ppc64el: Pass
Too young, only 7 of 20 days old

This would reach 20 days after the deadline July 17th.

diff -Nru corosync-3.1.2/debian/changelog corosync-3.1.2/debian/changelog
--- corosync-3.1.2/debian/changelog     2021-04-07 15:19:13.000000000 +0300
+++ corosync-3.1.2/debian/changelog     2021-07-05 10:11:09.000000000 +0300
@@ -1,3 +1,11 @@
+corosync (3.1.2-2) unstable; urgency=medium
+
+  * [f641780] New patch: stats: fix crash when iterating over deleted keys.
+    Cherry-picked from v3.1.4.
+    Thanks to Christine Caulfield
+
+ -- Ferenc Wágner <wf...@debian.org>  Mon, 05 Jul 2021 09:11:09 +0200
+
 corosync (3.1.2-1) unstable; urgency=medium
 
   * [2c66d6d] New upstream release (3.1.2)
diff -Nru corosync-3.1.2/debian/patches/series 
corosync-3.1.2/debian/patches/series
--- corosync-3.1.2/debian/patches/series        2021-04-07 15:18:49.000000000 
+0300
+++ corosync-3.1.2/debian/patches/series        2021-07-05 10:08:39.000000000 
+0300
@@ -2,3 +2,4 @@
 Enable-PrivateTmp-in-the-systemd-service-files.patch
 Make-the-example-config-valid.patch
 man-corosync-cfgtool.8-use-proper-single-quotes.patch
+stats-fix-crash-when-iterating-over-deleted-keys.patch
diff -Nru 
corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch
 
corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch
--- 
corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch
        1970-01-01 02:00:00.000000000 +0200
+++ 
corosync-3.1.2/debian/patches/stats-fix-crash-when-iterating-over-deleted-keys.patch
        2021-07-05 10:08:39.000000000 +0300
@@ -0,0 +1,64 @@
+From: Christine Caulfield <ccaul...@redhat.com>
+Date: Thu, 3 Jun 2021 07:53:28 +0100
+Subject: stats: fix crash when iterating over deleted keys
+
+The libqb map API leaves 'ownership' of the data with the caller
+but does its own lifetime management, so it can easily happen that
+map_rm() is called and the data deleted by the caller.
+But if an iterator is running over that item then the map entry
+will not get removed (leaving dangling pointers) until later.
+
+libqb has a hack-y callback that tells the owner when it is safe to
+delete the allocated memory, so we hook into that. icmap is already
+using this.
+
+Signed-off-by: Christine Caulfield <ccaul...@redhat.com>
+Reviewed-by: Jan Friesse <jfrie...@redhat.com>
+---
+ exec/stats.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/exec/stats.c b/exec/stats.c
+index d5c1cbc..d9fd115 100644
+--- a/exec/stats.c
++++ b/exec/stats.c
+@@ -270,6 +270,17 @@ static void stats_rm_entry(const char *key)
+ 
+       if (item) {
+               qb_map_rm(stats_map, item->key_name);
++              /* Structures freed in callback below */
++      }
++}
++
++static void stats_map_free_cb(uint32_t event,
++                            char* key, void* old_value,
++                            void* value, void* user_data)
++{
++      struct stats_item *item = (struct stats_item *)old_value;
++
++      if (item) {
+               free(item->key_name);
+               free(item);
+       }
+@@ -279,6 +290,7 @@ cs_error_t stats_map_init(const struct corosync_api_v1 
*corosync_api)
+ {
+       int i;
+       char param[ICMAP_KEYNAME_MAXLEN];
++      int32_t err;
+ 
+       api = corosync_api;
+ 
+@@ -302,7 +314,12 @@ cs_error_t stats_map_init(const struct corosync_api_v1 
*corosync_api)
+       }
+ 
+       /* KNET, IPCS & SCHEDMISS stats are added when appropriate */
+-      return CS_OK;
++
++
++      /* Call us when we can free things */
++      err = qb_map_notify_add(stats_map, NULL, stats_map_free_cb, 
QB_MAP_NOTIFY_FREE, NULL);
++
++      return (qb_to_cs_error(err));
+ }
+ 
+ cs_error_t stats_map_get(const char *key_name,

--- End Message ---

--- Begin Message ---

Unblocked.

--- End Message ---