[jira] [Updated] (ZOOKEEPER-4809) do_completion() use-after-free when log level is debug
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

fanyang updated ZOOKEEPER-4809:
---
Description:
{code:c}
void *do_completion(void *v)
{
    zhandle_t *zh = v;
    // ...
    api_epilog(zh, 0); // L1
    LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated"); // L2
    return 0;
}
{code}
When the log level is debug, L2 gets the log callback after zookeeper_close(), causing a UAF.

was:
{code:c}
void *do_completion(void *v)
{
    zhandle_t *zh = v;
    // ...
    api_epilog(zh, 0); // L1
    LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated"); // L2
    return 0;
}
{code}
When the log level is debug, L2 gets the log callback after zookeeper_close(), causing a UAF.

> do_completion() use-after-free when log level is debug
> --
>
> Key: ZOOKEEPER-4809
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4809
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Reporter: fanyang
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {code:c}
> void *do_completion(void *v)
> {
>     zhandle_t *zh = v;
>     // ...
>     api_epilog(zh, 0); // L1
>     LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated"); // L2
>     return 0;
> }
> {code}
> When the log level is debug, L2 gets the log callback after zookeeper_close(), causing a UAF.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
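A minimal single-threaded model of the ordering problem in the report above, added here as an example; it is not ZooKeeper's code or the project's fix. `handle_t`, `epilog()`, `get_log_cb()` and the other names are hypothetical, and the model assumes `api_epilog()` drops the thread's reference so that the handle can be released once `zookeeper_close()` has been requested.

```c
#include <stdio.h>

/* Hypothetical stand-in for zhandle_t: only the fields this bug involves. */
typedef void (*log_cb_t)(const char *msg);
typedef struct {
    int refs;             /* references held by threads using the handle */
    int close_requested;  /* zookeeper_close() has been called */
    int alive;            /* 0 once released; storage is kept so the demo has no real UB */
    log_cb_t log_cb;
} handle_t;

static int late_reads;       /* handle reads that happened after release */
static int messages_logged;
static void count_log(const char *msg) { (void)msg; messages_logged++; }
/* Models LOGCALLBACK(zh): it has to dereference the handle. */
static log_cb_t get_log_cb(handle_t *h) {
    if (!h->alive) { late_reads++; return NULL; }
    return h->log_cb;
}
/* Models api_epilog() (assumed): drop one reference; the last one after close releases. */
static void epilog(handle_t *h) {
    if (--h->refs == 0 && h->close_requested) h->alive = 0;
}
static void log_debug(log_cb_t cb, const char *msg) { if (cb) cb(msg); }

/* Order from the report: L1 releases, then L2 reads the handle. */
static void exit_as_reported(handle_t *h) {
    epilog(h);
    log_debug(get_log_cb(h), "completion thread terminated");
}
/* One possible reordering (not the project's patch): log while the reference is held. */
static void exit_reordered(handle_t *h) {
    log_debug(get_log_cb(h), "completion thread terminated");
    epilog(h);
}
/* Constructed scenario: close already requested, completion thread holds the last reference. */
static int late_reads_for(void (*exit_path)(handle_t *)) {
    handle_t h = { 1, 1, 1, count_log };
    late_reads = 0;
    messages_logged = 0;
    exit_path(&h);
    return late_reads;
}

int main(void) {
    printf("reported order: %d late read(s)\n", late_reads_for(exit_as_reported));
    printf("reordered:      %d late read(s)\n", late_reads_for(exit_reordered));
    return 0;
}
```

In the real client the late read would touch freed memory; the model keeps the storage and counts the read instead, so the result is deterministic.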
[jira] [Updated] (ZOOKEEPER-4809) do_completion() use-after-free when log level is debug
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

fanyang updated ZOOKEEPER-4809:
---
Description:
{code:c}
void *do_completion(void *v)
{
    zhandle_t *zh = v;
    // ...
    api_epilog(zh, 0); // L1
    LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated"); // L2
    return 0;
}
{code}
When the log level is debug, L2 gets the log callback after zookeeper_close(), causing a UAF.

> do_completion() use-after-free when log level is debug
> --
>
> Key: ZOOKEEPER-4809
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4809
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Reporter: fanyang
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {code:c}
> void *do_completion(void *v)
> {
>     zhandle_t *zh = v;
>     // ...
>     api_epilog(zh, 0); // L1
>     LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated"); // L2
>     return 0;
> }
> {code}
> When the log level is debug, L2 gets the log callback after zookeeper_close(), causing a UAF.
[jira] [Updated] (ZOOKEEPER-4809) do_completion() use-after-free when log level is debug
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated ZOOKEEPER-4809:
--
Labels: pull-request-available (was: )

> do_completion() use-after-free when log level is debug
> --
>
> Key: ZOOKEEPER-4809
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4809
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Reporter: fanyang
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
[jira] [Updated] (ZOOKEEPER-4809) do_completion() use-after-free when log level is debug
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

fanyang updated ZOOKEEPER-4809:
---
Summary: do_completion() use-after-free when log level is debug (was: Fix do_completion() use-after-free when log level is debug)

> do_completion() use-after-free when log level is debug
> --
>
> Key: ZOOKEEPER-4809
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4809
> Project: ZooKeeper
> Issue Type: Bug
> Components: c client
> Reporter: fanyang
> Priority: Minor