[Bro-Dev] (no subject)

Martina Balintova balint.martina at gmail.com
Fri Feb 2 08:33:55 PST 2018 

Hi,
Here are 2 questions, one about usage of memory after free, another seems
to me like memory leak. Could you please either confirm that these are bugs
and suggest fixes or help me work out why no?

Function src/loggin/Manager.cc: bool Manager::Write(EnumVal* id, RecordVal*
columns) seems to be using memory that might have been freed already.
CreateWriter function can delete info_and_fields and still return non null
writer. Any suggestions how to fix it? Maybe do not delete info in
CreateWriter if old writer still exists? Will info's memory be freed
somewhere later?

I do not have a test case for this issue though.

// CreateWriter() will set the other fields in info.

            writer = CreateWriter(stream->id, filter->writer,
                          info, filter->num_fields, arg_fields,
filter->local,
                          filter->remote, false, filter->name);

            if ( ! writer )
                {
                Unref(columns);
                return false;
                }
            }

        // Alright, can do the write now.

        threading::Value** vals = RecordToFilterVals(stream, filter,
columns);

        if ( ! PLUGIN_HOOK_WITH_RESULT(HOOK_LOG_WRITE,
HookLogWrite(filter->writer->Type()->AsEnumType()->Lookup(fi
lter->writer->InternalInt()),
filter->name, *info,
filter->num_fields,
filter->fields, vals), true) )



Another question is - inside src/input/Manager.cc -> a lot of places where
ev is allocated from EnumVal, it is not being freed or Unrefed.  Eg in
function Manager::Delete(...reader, vals) , it seems like predidx and ev
are allocated, but are not freed if there was not convert_error. This looks
like memory is leaked in all those cases.

 if ( stream->pred )
                                {
                                int startpos = 0;
                                Val* predidx = ValueToRecordVal(i, vals,
stream->itype, &startpos, convert_error);

                                if ( convert_error )
                                        Unref(predidx);
                                else
                                        {
                                        Ref(val);
                                        EnumVal *ev = new
EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event);

                                        streamresult =
CallPred(stream->pred, 3, ev, predidx, val);

                                        if ( streamresult == false )
                                                {
                                                // keep it.
                                                Unref(idxval);
                                                success = true;
                                                }
                                        }

                                }


Thank you for suggestions,

Martina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20180202/b9bb1377/attachment.html

More information about the bro-dev mailing list