[GitHub] [qpid-dispatch] kgiusti commented on a change in pull request #1498: DISPATCH-2318: fix double-free of subscription on shutdown

Thu, 27 Jan 2022 08:07:30 -0800 


kgiusti commented on a change in pull request #1498:
URL: https://github.com/apache/qpid-dispatch/pull/1498#discussion_r793764198



##########
File path: src/router_core/route_tables.c
##########
@@ -671,8 +671,7 @@ static void qdr_subscribe_CT(qdr_core_t *core, qdr_action_t 
*action, bool discar
             DEQ_INSERT_TAIL(addr->subscriptions, sub);
             qdr_addr_start_inlinks_CT(core, addr);
         }
-    } else
-        free(sub);
+    }

Review comment:
       The lifecycle of the subscription instance starts when 
qdr_core_subscribe() is called, and ends when qdr_core_unsubscribe() is called. 
  These calls must be paired, like malloc()/free().
   
   The key point is that the caller to qdr_core_subscribe() always gets a 
pointer to the allocated sub regardless of what eventually happens to the 
action passed to the core thread.  That action holds a non-owning reference to 
the subscription instance.  But on discard the old code will free that pointer 
even tho it doesn't own it - the caller to qdr_core_subscribe() still holds a 
pointer to the sub.
   
   If removing this free triggers a new leak then the cause of that leak is due 
to the caller of qdr_core_subscribe() not calling qdr_core_unsubscribe() to 
free the sub, a violation of the contract.
   
   This is what makes "C" so much fun!  The language doesn't enforce the notion 
of ownership vs borrowing: it's totally legal to make multiple copies of a 
reference to a dynamic resource and scatter them throughout the code. We coders 
just have the simple task of making sure that resource remains available for as 
long as there are references outstanding.  Nobody ever gets that wrong (please 
read that with "sarcastic voice" enabled).  :)
   
   And don't get me started on mutability of a shared reference... I've done 
enough of "head desking" due to bugs caused by that. :)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to