From: Vladislav Shpilevoy via Tarantool-patches
To: Serge Petrenko, gorcunov@gmail.com
Cc: tarantool-patches@dev.tarantool.org
Date: Wed, 12 May 2021 22:25:59 +0200
In-Reply-To: <20210512113907.12968-1-sergepetrenko@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH] relay: fix use after free in subscribe_f

Hi! Thanks for the patch!

> diff --git a/src/box/relay.cc b/src/box/relay.cc
> index ff43c2fc7..32d3a58dd 100644
> --- a/src/box/relay.cc
> +++ b/src/box/relay.cc
> @@ -756,6 +755,8 @@ relay_subscribe_f(va_list ap)
> if (!relay->replica->anon)
> relay_send_is_raft_enabled(relay, &raft_enabler, true);
>
> + struct recovery *r = relay->r;
> +

There is another cbus_process() on line 808. Won't it lead to the same issue
if recovery would be restarted? I see it is for version < 1.7.4 so probably not.

Another option would be to simply inline relay->r in its usage places and not
remember it into a variable.

Anyway LGTM. Up to you if you want to inline.
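
Review bot: in the @@ -756,6 +755,8 @@ hunk of src/box/relay.cc, the added "struct recovery *r = relay->r;" sits directly after the relay_send_is_raft_enabled() call with no comment saying that this position matters. If reading relay->r only after that call is what fixes the use after free named in the subject, a short comment above the assignment stating that relay->r must not be cached before the call would keep a later cleanup from moving the declaration back up. The new-side start line is one lower than the old one (755 against 756), so a line was dropped earlier in the file; if that was the previous declaration of r, saying so in the commit message would make the fix easier to follow.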