On Tue, Mar 10, 2015 at 11:21:18AM -0700, Linus Aranha wrote: > Hi libevent developers, > > I was not sure if we have to raise bugs for the beta version - > libevent-2.1.5 so here is an email to begin. We would really appreciate a > fix for issue 1 soon.
Hi Linus, Sorry for such a long delay, can you provide samples for this issues? Thanks, Azat. > > Thanks, > Linus Aranha > > Issue 1) > Cleanup ordering issue in evdns_base_free_and_unlock - gives rise to > invalid reads/writes > > I found an issue in the code for libevent-2.1.5-beta in the cleanup > function - evdns_base_free_and_unlock. > > Below is the valgrind report. It looks we end up accessing the nameserver > (evdns.c:662) pointer part of the requests structure after it is cleaned up > at evdns.c:4011. > > The issue is not present in 2.0.21-stable. > > Maybe we could just re-order the cleanup so the nameservers are cleaned up > in the end? That should prevent the invalid reads and writes. > > ==722== Invalid read of size 4 > ==722== at 0x4C4CB80: request_finished (evdns.c:662) > ==722== by 0x4C56228: evdns_base_free_and_unlock (evdns.c:4022) > ==722== by 0x4C56483: evdns_base_free (evdns.c:4062) > ==722== by 0x404A0B: dummy_function1 (file.c:xxx) > ==722== by 0x405F61: dummy_function2 (file.c:xxx) > ==722== by 0x40BDD5: dummy_function3 (file.c:xxx) > ==722== by 0x40EED2: dummy_function4 (file.c:xxx) > ==722== by 0x4C38D72: event_persist_closure (event.c:1531) > ==722== by 0x4C3905B: event_process_active_single_queue (event.c:1590) > ==722== by 0x4C39684: event_process_active (event.c:1689) > ==722== by 0x4C39DE0: event_base_loop (event.c:1912) > ==722== by 0x4C3970C: event_base_dispatch (event.c:1723) > ==722== by 0x404C46: main (file.c:xxx) > ==722== Address 0x5dfa710 is 448 bytes inside a block of size 456 free'd > ==722== at 0x4A0739B: free (vg_replace_malloc.c:473) > ==722== by 0x405AB7: dummy_free (file.c:xx) > ==722== by 0x4C3EE8F: event_mm_free_ (event.c:3462) > ==722== by 0x4C5610F: evdns_nameserver_free (evdns.c:3995) > ==722== by 0x4C56149: evdns_base_free_and_unlock (evdns.c:4011) > ==722== by 0x4C56483: evdns_base_free (evdns.c:4062) > ==722== by 0x404A0B: dummy_function1 (file.c:xxx) > ==722== by 0x405F61: dummy_function2 (file.c:xxx) > ==722== by 0x40BDD5: dummy_function3 (file.c:xxx) > ==722== by 0x40EED2: dummy_function4 (file.c:xxx) > ==722== by 0x4C38D72: event_persist_closure (event.c:1531) > ==722== by 0x4C3905B: event_process_active_single_queue (event.c:1590) > ==722== by 0x4C39684: event_process_active (event.c:1689) > ==722== by 0x4C39DE0: event_base_loop (event.c:1912) > ==722== by 0x4C3970C: event_base_dispatch (event.c:1723) > ==722== by 0x404C46: main (file.c:xxx) > > Issue 2) > Found memory leak > > Valgrind stacktrace is below. > > ==722== 792 bytes in 3 blocks are definitely lost in loss record 34 of 65 > ==722== at 0x4A05F80: malloc (vg_replace_malloc.c:296) > ==722== by 0x4059EA: dummy_malloc (dummy.c:xx) > ==722== by 0x4C3ED1B: event_mm_calloc_ (event.c:3403) > ==722== by 0x4C578C8: evdns_getaddrinfo (evdns.c:4649) > ==722== by 0x4047A7: dummy1 (dummy.c:xxx) > ==722== by 0x404933: dummy2 (dummy.c:xxx) > ==722== by 0x41F412: dummy3 (dummy.c:xxx) > ==722== by 0x41EEE1: dummy4 (dummy.c:xxx) > ==722== by 0x404CF8: dummy5 (dummy.c:xxx) > ==722== by 0x4C390FE: event_process_active_single_queue (event.c:1597) > ==722== by 0x4C39684: event_process_active (event.c:1689) > ==722== by 0x4C39DE0: event_base_loop (event.c:1912) > ==722== by 0x4C3970C: event_base_dispatch (event.c:1723) > ==722== by 0x404C46: main (dummy.c:xxx) > ==722== *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe libevent-users in the body.
