mxq_job: Fix invalid pointer deref on error path #84
Commits on Apr 15, 2020
-
mxq_job: Fix invalid pointer deref on error path
I've got this from valgrind: 2020-04-15 16:11:00 +0200 mxqd[6617]: mxqd mxqd.c:2600:main(): DEBUG: group_cnt=36 :: 36 Groups loaded 2020-04-15 16:11:00 +0200 mxqd[6617]: mxqd mxqd.c:1343:start_user(): DEBUG: user=buczek(125) slots_to_start=11 :: trying to start jobs for user. 2020-04-15 16:11:00 +0200 mxqd[6617]: mxqd mxqd.c:1370:start_user(): group=buczek(125):335148 slots_to_start=11 slots_per_job=11 :: trying to start job for group. ==6617== Conditional jump or move depends on uninitialised value(s) ==6617== at 0x40318FB: free (vg_replace_malloc.c:540) ==6617== by 0x415307: mxq_select_job_from_group (mxq_job.c:324) ==6617== by 0x41545F: mxq_assign_job_from_group_to_daemon (mxq_job.c:355) ==6617== by 0x416849: mxq_load_job_from_group_for_daemon (mxq_job.c:740) ==6617== by 0x40715F: start_job (mxqd.c:1188) ==6617== by 0x407B82: start_user (mxqd.c:1372) ==6617== by 0x407CC1: start_user_with_least_running_global_slot_count (mxqd.c:1412) ==6617== by 0x40B450: main (mxqd.c:2609) ==6617== 2020-04-15 16:11:00 +0200 mxqd[6617]: mxqd mxq_job.c:746:mxq_load_job_from_group_for_daemon(): WARNING: group_id=335148 :: mxq_assign_job_from_group_to_daemon(): No matching job found - maybe another server was a bit faster. ;) The pointer freed at the end of `mxq_select_job_from_group()` is supposed to be allocated by `mx_mysql_do_statement()`. However, the pointer is only allocated in the common case, where the routine delivers a result: if (result && result->count && num_rows) { tmpdata = mx_calloc_forever(num_rows, size); ... *to = tmpdata; In the unusual case that there was no result from the query (as above, because other servers already started all pending jobs) or in error cases, `job_id_out` might be uninitialized and the `free()` might is invalid. Make sure, we don't try to free via an unitialized pointer. Do not decide based on the return value of `mx_mysql_do_statement()`, because we don't want to duplicate the complicated logic in the if stated quited above to be duplicated in the caller.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.