[PATCH] patterndb: Fix test_patterndb crash when testing outside-of-rule db lookups.
First test_patterndb_tags_outside_of_rule() nulls out the messages pointer, then it calls clean_pattern_db(), which unconditionally dereferences it. This will never work. Guard the use of messages in clean_pattern_db() with a nullity check. Signed-off-by: Nick Alcock <nix@esperi.org.uk> --- modules/dbparser/tests/test_patterndb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/dbparser/tests/test_patterndb.c b/modules/dbparser/tests/test_patterndb.c index 7ad7f09..ea7c576 100644 --- a/modules/dbparser/tests/test_patterndb.c +++ b/modules/dbparser/tests/test_patterndb.c @@ -69,8 +69,11 @@ create_pattern_db(gchar *pdb) void clean_pattern_db(void) { - g_ptr_array_foreach(messages, (GFunc) log_msg_unref, NULL); - g_ptr_array_free(messages, TRUE); + if (messages) + { + g_ptr_array_foreach(messages, (GFunc) log_msg_unref, NULL); + g_ptr_array_free(messages, TRUE); + } pattern_db_free(patterndb); patterndb = NULL; -- 1.9.1.171.gc28c581
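Review bot: inside the new `if (messages)` block in clean_pattern_db(), messages is still left pointing at freed memory after `g_ptr_array_free(messages, TRUE);`, whereas patterndb is reset with `patterndb = NULL;` two lines further down. Unless the pointer is reassigned outside the visible context, a second call to clean_pattern_db() would pass the new check and free the array again. Adding `messages = NULL;` as the last statement of the block would make the cleanup idempotent and consistent with how patterndb is handled. A one-line comment noting that tests may null out messages before calling this function would also explain why the guard exists.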
Nick Alcock <nix@esperi.org.uk> writes:
> First test_patterndb_tags_outside_of_rule() nulls out the messages pointer, then it calls clean_pattern_db(), which unconditionally dereferences it.
While I was under the impression that g_ptr_array_*() would handle a NULL ptr array, I see no harm in the patch itself, especially considering it's in a test. I applied the patch to 3.5/master, thanks!

For the record, I never saw the crash, so perhaps it happens only with specific glib settings... Do you have any G_DEBUG or similar environment variables set? If not, can you tell me how your glib was compiled, or which distro this crash happens on?

-- |8]
On 7 Apr 2014, Gergely Nagy uttered the following:
> Nick Alcock <nix@esperi.org.uk> writes:
>> First test_patterndb_tags_outside_of_rule() nulls out the messages pointer, then it calls clean_pattern_db(), which unconditionally dereferences it.
> While I was under the impression that g_ptr_array_*() would handle a NULL ptr array,
It does... *iff* glib was compiled with --enable-debug: in that situation, g_ptr_array_foreach() does a g_return_if_fail() on the array, and does nothing if it's NULL. But if you specify --disable-debug, -DG_DISABLE_CHECKS gets defined, whereupon g_return_if_fail() et al compile down to nothing, and g_ptr_array_foreach() promptly dereferences the null pointer repeatedly. Boom. (I'm using glib 2.38.2, but this behaviour appears to be as old as glib.)
> For the record, I never saw the crash, so perhaps it happens only with specific glib settings... Do you have any G_DEBUG or similar environment variables set? If not, can you tell me how your glib was compiled, or which distro this crash happens on?
I have the *lack* of an --enable-debug at glib compile time set. A lot of distros appear to compile it with --enable-debug, but I don't think it's entirely wise to rely on this.

-- NULL && (void)
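The build-dependent behaviour discussed in this thread, as an added example that is not code from the patch, syslog-ng or glib. `RETURN_IF_FAIL`, `PtrArray`, `clean_messages` and the `ENABLE_CHECKS` flag are hypothetical stand-ins for `g_return_if_fail()`, `GPtrArray`, `clean_pattern_db()` and the glib debug build; the point is that the caller-side guard holds whether or not the library-side check was compiled in.

```c
#include <stdlib.h>

/* Stand-in for g_return_if_fail(), compiled out as with -DG_DISABLE_CHECKS.
 * Build with -DENABLE_CHECKS (hypothetical flag) for the checked form. */
#ifdef ENABLE_CHECKS
#define RETURN_IF_FAIL(expr) do { if (!(expr)) return; } while (0)
#else
#define RETURN_IF_FAIL(expr) do { } while (0)
#endif

typedef struct { void **items; size_t len; } PtrArray; /* hypothetical type */

void ptr_array_add(PtrArray *a, void *item)
{
  void **grown = realloc(a->items, (a->len + 1) * sizeof *grown);
  if (!grown) abort();
  a->items = grown;
  a->items[a->len++] = item;
}

/* Library-side check only: once compiled out, a NULL array is dereferenced. */
void ptr_array_foreach(PtrArray *a, void (*fn)(void *, void *), void *data)
{
  RETURN_IF_FAIL(a != NULL);
  for (size_t i = 0; i < a->len; i++) fn(a->items[i], data);
}

void ptr_array_free(PtrArray *a)
{
  RETURN_IF_FAIL(a != NULL);
  free(a->items);
  free(a);
}

void count_unref(void *item, void *n) { (void) item; ++*(int *) n; }

/* Caller-side guard: safe in both builds; clearing the pointer makes a
 * second call a no-op. Returns the number of items released. */
int clean_messages(PtrArray **messages)
{
  int released = 0;
  if (!*messages) return 0;
  ptr_array_foreach(*messages, count_unref, &released);
  ptr_array_free(*messages);
  *messages = NULL;
  return released;
}

/* The state the test left behind: a NULL array handed to the cleanup. */
int main(void) { PtrArray *m = NULL; return clean_messages(&m); }
```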