You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by da...@apache.org on 2019/12/17 17:53:19 UTC
[couchdb] branch fix-js-tests created (now b3baae5)
This is an automated email from the ASF dual-hosted git repository.
davisp pushed a change to branch fix-js-tests
in repository https://gitbox.apache.org/repos/asf/couchdb.git.
at b3baae5 Fix use after free of ICU collators
This branch includes the following new commits:
new 50a4d08 Disable ken auto-building of this design doc
new b3baae5 Fix use after free of ICU collators
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 02/02: Fix use after free of ICU collators
Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
davisp pushed a commit to branch fix-js-tests
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit b3baae5eb5446316988df6cecd62a46f2edd915c
Author: Paul J. Davis <pa...@gmail.com>
AuthorDate: Tue Dec 17 11:40:24 2019 -0600
Fix use after free of ICU collators
During `init:restart()` we end up calling the `couch_ejson_compare`
NIF's unload function which destroys all of the allocated collators.
However, we don't clear the associated thread local states which leads
us to a use after free issue and the ensuing segfaults. This adds checks
so that threads know when their cached threadlocal collator is no longer
valid.
---
src/couch/priv/couch_ejson_compare/couch_ejson_compare.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/couch/priv/couch_ejson_compare/couch_ejson_compare.c b/src/couch/priv/couch_ejson_compare/couch_ejson_compare.c
index 6d1043f..ad3d0cd 100644
--- a/src/couch/priv/couch_ejson_compare/couch_ejson_compare.c
+++ b/src/couch/priv/couch_ejson_compare/couch_ejson_compare.c
@@ -48,9 +48,11 @@ typedef struct {
} ctx_t;
static threadlocal UCollator* collator = NULL;
+static threadlocal int64_t threadEpoch = 0;
static UCollator** collators = NULL;
static int numCollators = 0;
static int numSchedulers = 0;
+static int64_t loadEpoch = 0;
static ErlNifMutex* collMutex = NULL;
static ERL_NIF_TERM less_json_nif(ErlNifEnv*, int, const ERL_NIF_TERM []);
@@ -69,7 +71,7 @@ get_collator()
{
UErrorCode status = U_ZERO_ERROR;
- if(collator != NULL) {
+ if(collator != NULL && threadEpoch == loadEpoch) {
return collator;
}
@@ -87,6 +89,8 @@ get_collator()
assert(numCollators <= numSchedulers && "Number of schedulers shrank.");
+ threadEpoch = loadEpoch;
+
return collator;
}
@@ -387,6 +391,8 @@ on_load(ErlNifEnv* env, void** priv, ERL_NIF_TERM info)
return 2;
}
+ loadEpoch += 1;
+
collMutex = enif_mutex_create("coll_mutex");
if (collMutex == NULL) {
@@ -421,6 +427,8 @@ on_unload(ErlNifEnv* env, void* priv_data)
enif_free(collators);
}
+ numCollators = 0;
+
if (collMutex != NULL) {
enif_mutex_destroy(collMutex);
}
[couchdb] 01/02: Disable ken auto-building of this design doc
Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
davisp pushed a commit to branch fix-js-tests
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 50a4d08fc56d2b114d101aee654a4b96ee8b6996
Author: Paul J. Davis <pa...@gmail.com>
AuthorDate: Mon Dec 16 15:46:37 2019 -0600
Disable ken auto-building of this design doc
We're making assertions that the view isn't being built in the
background and Ken violates those assertions.
---
test/javascript/tests/design_docs.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/javascript/tests/design_docs.js b/test/javascript/tests/design_docs.js
index b23075b..f06efc8 100644
--- a/test/javascript/tests/design_docs.js
+++ b/test/javascript/tests/design_docs.js
@@ -45,6 +45,7 @@ couchTests.design_docs = function(debug) {
var designDoc = {
_id: "_design/test",
language: "javascript",
+ autoupdate: false,
whatever : {
stringzone : "exports.string = 'plankton';",
commonjs : {