v5: Fix invalid access after free in do_recv: Coverity CID 1517308 #11218
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Coverity static analysis reported an invalid memory access after free in memheap_base_mkey.c(do_recv) for the OBJ_RELEASE macro at line 238. The send_buffer function call at line 234 unconditionally frees memory pointed to by msg, using a PMIX_DATA_BUFFER_RELEASE macro. The existing code was then freeing msg again, by use of an OBJ_RELEASE macro if send_buffer failed. This has the potential for a crash, SIGSEGV or possibly an error in free(). The invocation of OBJ_RELEASE is removed. Signed-off-by: David Wootton <[email protected]> (cherry picked from commit e8fec0a)
jjhursey
force-pushed
the
v5-cp-11170
branch
from
dbdf28a to
b02fc71
Compare
devreal
approved these changes
Dec 19, 2022
jjhursey
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Coverity static analysis reported an invalid memory access after free in memheap_base_mkey.c(do_recv) for the OBJ_RELEASE macro at line 238.
The send_buffer function call at line 234 unconditionally frees memory pointed to by msg, using a PMIX_DATA_BUFFER_RELEASE macro.
The existing code was then freeing msg again, by use of an OBJ_RELEASE macro if send_buffer failed.
This has the potential for a crash, SIGSEGV or possibly an error in free().
The invocation of OBJ_RELEASE is removed.
Signed-off-by: David Wootton [email protected]
(cherry picked from commit e8fec0a)