From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id C643946970E for ; Tue, 14 Jan 2020 23:24:55 +0300 (MSK) Date: Tue, 14 Jan 2020 23:24:55 +0300 From: Nikita Pettik Message-ID: <20200114202455.GE7851@tarantool.org> References: <20191129213905.36097-1-maria.khaydich@tarantool.org> <1575631765.615916554@f415.i.mail.ru> <20200114173011.GI31598@uranus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200114173011.GI31598@uranus> Subject: Re: [Tarantool-patches] [PATCH] Memtx_tuple_delete used heap after free List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Cyrill Gorcunov Cc: tarantool-patches@dev.tarantool.org On 14 Jan 20:30, Cyrill Gorcunov wrote: > On Fri, Dec 06, 2019 at 02:29:25PM +0300, Maria Khaydich wrote: > > Overlooked a better solution as @PersDep kindly suggested. Sending the > > fixed version. > > > > Subject: [PATCH] Memtx_tuple_delete used heap after free > > Struct of type tuple_format is being passed as > > an argument to tuple_format_unref where it might > > be freed. On such occasion any further references > > to format fields should not take place. > > > > Closes #4658 > > --- > > Issue: > > https://github.com/tarantool/tarantool/issues/4658 > > Branch: > > https://github.com/tarantool/tarantool/compare/eljashm/gh-4658-heap-use-after-free > Acked-by: Cyrill Gorcunov Changed commit message to "Fix use-after-free in memtx_tuple_delete()" and pushed to master. Thanks.