Re: [PR] Bugfix: Butex returned to ObjectPool triggers use-after-poison (brpc)

Mon, 14 Jul 2025 02:12:03 -0700 


Copilot commented on code in PR #3012:
URL: https://github.com/apache/brpc/pull/3012#discussion_r2204311298


##########
docs/cn/sanitizers.md:
##########
@@ -17,6 +17,24 @@ BUTIL_ASAN_POISON_MEMORY_REGION(addr, size);
 BUTIL_ASAN_UNPOISON_MEMORY_REGION(addr, size);
 ```
 
+如果某些对象池在设计上允许操作对象池中的对象,例如ExecutionQueue、Butex,则需要特化ObjectPoolWithASanPoison,表示不对这些对象池的对象内存进行poison/unpoison,例如:
+
+```c++
+namespace butil {
+// TaskNode::cancel() may access the TaskNode object returned to the 
ObjectPool<TaskNode>,
+// so ObjectPool<TaskNode> can not poison the memory region of TaskNode.
+template <>
+struct ObjectPoolWithASanPoison<bthread::TaskNode> : false_type {};
+} // namespace butil
+
+namespace butil {
+// Butex object returned to the ObjectPool<Butex> may be accessed,

Review Comment:
   Remove the trailing comma and replace it with a period for proper grammar in 
the comment.
   ```suggestion
   // Butex object returned to the ObjectPool<Butex> may be accessed.
   ```



##########
src/bthread/butex.cpp:
##########
@@ -122,6 +122,17 @@ struct BAIDU_CACHELINE_ALIGNMENT Butex {
 BAIDU_CASSERT(offsetof(Butex, value) == 0, offsetof_value_must_0);
 BAIDU_CASSERT(sizeof(Butex) == BAIDU_CACHELINE_SIZE, 
butex_fits_in_one_cacheline);
 
+} // namespace bthread
+
+namespace butil {
+// Butex object returned to the ObjectPool<Butex> may be accessed,

Review Comment:
   Replace the trailing comma with a period to correct the comment punctuation.
   ```suggestion
   // Butex object returned to the ObjectPool<Butex> may be accessed.
   ```



##########
docs/cn/sanitizers.md:
##########
@@ -17,6 +17,24 @@ BUTIL_ASAN_POISON_MEMORY_REGION(addr, size);
 BUTIL_ASAN_UNPOISON_MEMORY_REGION(addr, size);
 ```
 
+如果某些对象池在设计上允许操作对象池中的对象,例如ExecutionQueue、Butex,则需要特化ObjectPoolWithASanPoison,表示不对这些对象池的对象内存进行poison/unpoison,例如:
+
+```c++
+namespace butil {
+// TaskNode::cancel() may access the TaskNode object returned to the 
ObjectPool<TaskNode>,
+// so ObjectPool<TaskNode> can not poison the memory region of TaskNode.
+template <>
+struct ObjectPoolWithASanPoison<bthread::TaskNode> : false_type {};
+} // namespace butil
+
+namespace butil {

Review Comment:
   The snippet defines two separate `namespace butil` blocks; consider merging 
them into one block for clarity and to reduce duplication.
   ```suggestion
   
   ```



##########
src/bthread/butex.cpp:
##########
@@ -122,6 +122,17 @@ struct BAIDU_CACHELINE_ALIGNMENT Butex {
 BAIDU_CASSERT(offsetof(Butex, value) == 0, offsetof_value_must_0);
 BAIDU_CASSERT(sizeof(Butex) == BAIDU_CACHELINE_SIZE, 
butex_fits_in_one_cacheline);
 
+} // namespace bthread
+
+namespace butil {
+// Butex object returned to the ObjectPool<Butex> may be accessed,
+// so ObjectPool<Butex> can not poison the memory region of Butex.

Review Comment:
   Use the single-word form “cannot” instead of “can not” for standard grammar.
   ```suggestion
   // so ObjectPool<Butex> cannot poison the memory region of Butex.
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org
For additional commands, e-mail: dev-h...@brpc.apache.org

Reply via email to