You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/07/01 02:28:40 UTC
[GitHub] [rocketmq-client-cpp] ChrisZhangJin opened a new issue, #426: [vulnerability] Mismatched free in CProducer
ChrisZhangJin opened a new issue, #426:
URL: https://github.com/apache/rocketmq-client-cpp/issues/426
I found there is a **mismatched free** in CProducer, scanned by Valgrind.
# valgrind report
here is the report sample,
> ==1570== Mismatched free() / delete / delete []
==1570== at 0x4C2B51D: operator delete(void*) (vg_replace_malloc.c:586)
==1570== by 0x1736BC86: DestroyProducer (in /usr/lib64/librocketmq.so)
... ....
==1570== Address 0xd1cfb10 is 0 bytes inside a block of size 256 alloc'd
==1570== at 0x4C2AC38: operator new[](unsigned long) (vg_replace_malloc.c:433)
==1570== by 0x1736B7F9: CreateProducer (in /usr/lib64/librocketmq.so)
... ....
# the corresponding code
I checked the code, and found it was exactly mismatched for deleting a char array.
here is the new
while here is the delete
# found version:
I just used 2.0.1 and 2.2.0, but both same with it.
-------------------
It is a vulnerability, not a literally bug actually.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq-client-cpp] ChrisZhangJin commented on issue #426: [vulnerability] Mismatched free in CProducer
Posted by GitBox <gi...@apache.org>.
ChrisZhangJin commented on issue #426:
URL: https://github.com/apache/rocketmq-client-cpp/issues/426#issuecomment-1177167487
i'd love to, but i found it was fixed in master, here is the commit [6523dcc3b309a1065375e40657f68f66bfeca38d]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq-client-cpp] ShannonDing commented on issue #426: [vulnerability] Mismatched free in CProducer
Posted by GitBox <gi...@apache.org>.
ShannonDing commented on issue #426:
URL: https://github.com/apache/rocketmq-client-cpp/issues/426#issuecomment-1175699136
yes, it seems a memory leak. could you pls create a pr to fix it?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [rocketmq-client-cpp] ifplusor closed issue #426: [vulnerability] Mismatched free in CProducer
Posted by GitBox <gi...@apache.org>.
ifplusor closed issue #426: [vulnerability] Mismatched free in CProducer
URL: https://github.com/apache/rocketmq-client-cpp/issues/426
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org