search

FirebirdSQL / firebird

Firebird server, client and tools
https://www.firebirdsql.org/
1.19k stars 204 forks source link

Firebird crashes if a plugin factory returns nullptr and no error in status #8101

Open aafemt opened 2 weeks ago

aafemt commented 2 weeks ago

If a trace plugin's factory returns nullptr and no error in status - Firebird crashes trying to reference this pointer. Returned value should be checked for nullptr in any case.

hvlad commented 2 weeks ago

What is Firebird version and call stack of crash ?

aafemt commented 2 weeks ago

Firebird 4.0.4.2981

No stack trace but I guess the crash occur on TraceManager.cpp:148 line info.factory->addRef(); after previous line assigned nullptr returned from traceItr.plugin() to info.factory because GetPlugins::getPlugin() check status for error but doesn't check returned value.

And this code is the same in all versions.

hvlad commented 1 week ago

It is still not clear what do you speak about - the bug in TraceManager ? in PluginManager ? in some implementation of custom (trace) plugin ? It is important to know to fix a root issue, not particular case (what case?)

aafemt commented 1 week ago

IMHO it is a bug in TraceManager. It must not trust plugin's sanity and check returned values.

hvlad commented 1 week ago

Did you check another callers of GetPlugins::plugin() ?

aafemt commented 1 week ago

I'm sorry, my guess was wrong. The returned value is checked there by hasData() call.

But in ConfiguredPlugin::factory() value returned by createPlugin() isn't checked before calling setOwner() unless I missed something again.

AlexPeshkoff commented 1 week ago

On 5/5/24 01:28, Dimitry Sibiryakov wrote:

I'm sorry, my guess was wrong. The returned value is checked there by |hasData()| call.

But in |ConfiguredPlugin::factory()| value returned by |createPlugin()| isn't checked before calling |setOwner()| unless I missed something again.

We anyway have to trust code in plugins cause it runs in the same process as native FB code. And if plugin factory returned no error it must return valid interface pointer. In this case plugin should be fixed. It can cause segfault in 100500 other ways, what a sense to fux one case?

hvlad commented 1 week ago

I'm sorry, my guess was wrong.

Don't you think that issue title should be changed ?

aafemt commented 1 week ago

And if plugin factory returned no error it must return valid interface pointer. In this case plugin should be fixed. It can cause segfault in 100500 other ways, what a sense to fux one case?

100500 other places already protected by hasData() call as I said above. nullptr is a valid pointer. At least specs doesn't say otherwise. Factory may have a reason to refuse return plugin object not related to any error and just want the engine to proceed to the next plugin in list.

AlexPeshkoff commented 1 week ago

For me valid pointer is one that may be de-referenced successfully. But I do not want to waste time with this discussion any more - in this place additional check does not cause something bad, add it please.

aafemt commented 1 week ago

in this place additional check does not cause something bad, add it please.

Do you mean an additional check besides one that is added in the PR?