xlog use-after-free

Chris Ruvolo KC2SYK
Hello, all.

I've been experiencing crashes in xlog as packaged with debian.  I tried the
latest CVS as well, but the behavior didn't change.  Some crashes have been
reproducible.

I ran xlog with valgrind and tracked it down to a use-after-free scenario in
the gtk open dialog.  Please see the attached diff, which solves the crash
for me and generated a (mostly) clean valgrind output.

Without this patch, lp->type was being assigned even though lp was just
freed in the call to log_file_close().

Thank you and 73
-Chris K2CR

--
Chris Ruvolo K2CR
[hidden email]

Attachment: use-after-free-patch.diff (894 bytes)
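
The ordering problem described in the message above, as an added example that is not part of the original post, the attached patch, or xlog's source. Only `lp->type` and `log_file_close()` come from the thread; `struct log_handle`, `log_file_open()`, `reopen_log()`, `LOG_TYPE_NATIVE` and the file names are hypothetical stand-ins.

```c
/* Added illustration: simplified stand-in, not xlog source code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { LOG_TYPE_NATIVE = 1 };            /* hypothetical type tag */

struct log_handle {                      /* hypothetical reduction of a log */
    int   type;
    char *filename;
};

static struct log_handle *log_file_open(const char *name) {
    struct log_handle *lp = calloc(1, sizeof *lp);
    if (!lp) return NULL;
    lp->filename = malloc(strlen(name) + 1);
    if (!lp->filename) { free(lp); return NULL; }
    strcpy(lp->filename, name);
    return lp;
}

/* Takes ownership: once this returns, the caller's copy of lp dangles. */
static void log_file_close(struct log_handle *lp) {
    if (!lp) return;
    free(lp->filename);
    free(lp);
}

/* Replace the open log with another file, as an open dialog would. */
static struct log_handle *reopen_log(struct log_handle *lp, const char *name) {
    log_file_close(lp);
#ifdef SHOW_BUG
    lp->type = LOG_TYPE_NATIVE;          /* BUG: write into freed memory */
    return log_file_open(name);
#else
    lp = log_file_open(name);            /* overwrite the stale pointer first */
    if (lp) lp->type = LOG_TYPE_NATIVE;  /* only touch the live allocation */
    return lp;
#endif
}

int main(void) {
    struct log_handle *lp = log_file_open("old.xlog");  /* constructed names */
    lp = reopen_log(lp, "new.xlog");
    if (!lp) return 1;
    printf("%s type=%d\n", lp->filename, lp->type);
    log_file_close(lp);
    return 0;
}
```

Built with `-DSHOW_BUG` and run under valgrind, the `lp->type` line is reported as an invalid write into a freed block; the default build runs clean.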

Re: xlog use-after-free

Andy Stewart-2
On 1/8/21 1:48 PM, Chris K2CR wrote:

> Hello, all.
>
> I've been experiencing crashes in xlog as packaged with debian.  I tried the
> latest CVS as well, but the behavior didn't change.  Some crashes have been
> reproducible.
>
> I ran xlog with valgrind and tracked it down to a use-after-free scenario in
> the gtk open dialog.  Please see the attached diff, which solves the crash
> for me and generated a (mostly) clean valgrind output.
>
> Without this patch, lp->type was being assigned even though lp was just
> freed in the call to log_file_close().
>
> Thank you and 73
> -Chris K2CR
>

Hi Chris,

I think it is cool that you took the time to run valgrind on the xlog
executable - thanks!

The version of xlog packaged with Debian is 2.0.14 and that is ancient.
Version 2.0.19 can be downloaded here:

http://download.savannah.nongnu.org/releases/xlog/

Latest CVS will eventually become version 2.0.20 and I'm actively working on it
now.  Let me look at your patch and weave it into my latest version.

BTW, is there a way that I can reliably repeat the crash scenario?

Thanks(!!), and 73,

Andy

--
Andy Stewart (KB1OIQ)
Vice President: PART of Westford, MA (WB1GOF)

Re: xlog use-after-free

Chris Ruvolo KC2SYK
On Fri, Jan 08, 2021 at 03:08:56PM -0500, Andy Stewart wrote:
> I think it is cool that you took the time to run valgrind on the xlog
> executable - thanks!

Hi Andy,

I'm glad to help.  BTW, I had also tried the debian 2.0.19 version from
testing, which I rebuilt cleanly on my stable box.  The problem manifests
there as well.

> BTW, is there a way that I can reliably repeat the crash scenario?

I'm not sure if I'm able to reproduce a crash without my data, but I'm able
to reproduce the valgrind use-after-free condition from a clean ~/.xlog dir.
This can be done by loading any xlog log file using the open dialog.

BTW, I was surprised that we're sticking with CVS.  I think it might be
easier for others to contribute if more modern tools like git are employed.

Regards and 73
-Chris K2CR

--
Chris Ruvolo K2CR
[hidden email]

Re: xlog use-after-free

Chris Ruvolo KC2SYK
On Fri, Jan 08, 2021 at 08:19:08PM -0500, Andy Stewart wrote:
> I patched the file and checked it into CVS.  Please verify that I've done
> the change correctly.

Looks good!  Thanks.

> I've seen seemingly arbitrary crashes.  Perhaps this was the cause after all.

It's possible that there are others.  I'll run with valgrind for a bit and
see if it comes up with anything else.

> Finding bugs is great.  Submitting quality patches, as you have done, is
> even better!  Thanks!!

Glad to help.  73

-Chris K2CR

--
Chris Ruvolo K2CR
[hidden email]