[Tarantool-patches] [PATCH] relay: fix use after free in subscribe_f
Vladislav Shpilevoy
v.shpilevoy at tarantool.org
Wed May 12 23:25:59 MSK 2021
Hi! Thanks for the patch!
> diff --git a/src/box/relay.cc b/src/box/relay.cc
> index ff43c2fc7..32d3a58dd 100644
> --- a/src/box/relay.cc
> +++ b/src/box/relay.cc
> @@ -756,6 +755,8 @@ relay_subscribe_f(va_list ap)
> if (!relay->replica->anon)
> relay_send_is_raft_enabled(relay, &raft_enabler, true);
>
> + struct recovery *r = relay->r;
> +
There is another cbus_process() on line 808. Won't it lead to the same issue
if recovery would be restarted? I see it is for version < 1.7.4 so probably
not. Another option would be to simply inline relay->r in its usage places
and not remember it into a variable.
Anyway LGTM. Up to you if want to inline.
More information about the Tarantool-patches
mailing list