apache / brpc

brpc is an Industrial-grade RPC framework using C++ Language, which is often used in high performance system such as Search, Storage, Machine learning, Advertisement, Recommendation etc. "brpc" means "better RPC".
https://brpc.apache.org
Apache License 2.0

Used the free memory ?? #2794

Closed QiAnXinCodeSafe closed 4 weeks ago

QiAnXinCodeSafe commented 1 month ago

Hi all, this is the Qianxin CodeSafe Team. We found a suspicious issue where the freed memory "kt" is used at https://github.com/apache/brpc/blob/5cdf22f158722b3b11c7eabb7632690d719ccc4b/src/bthread/key.cpp#L240, but the memory was already released at
https://github.com/apache/brpc/blob/5cdf22f158722b3b11c7eabb7632690d719ccc4b/src/bthread/key.cpp#L239

chenBright commented 4 weeks ago

Here only the value of the kt pointer is used, not the memory it points to.
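
The distinction drawn in the reply above, as an added C++ example that is not brpc's code and not part of the thread: `Table`, `g_cached` and the functions are hypothetical. The first function has the shape a use-after-free checker reports, where the pointer is only compared after `delete`; the second evaluates the comparison before the `delete`, so nothing names the pointer afterwards.

```cpp
// Hypothetical stand-in for a per-thread table; not brpc's KeyTable.
struct Table { int slots[4] = {0, 0, 0, 0}; };

// Hypothetical cache slot that may alias the table being destroyed.
static Table* g_cached = nullptr;

// Shape that use-after-free checkers report: `t` appears after `delete t`.
// Only the address is compared; nothing is read or written through `t`.
// Since C++14, indirection through a deleted pointer is undefined behaviour,
// while other uses of its value are implementation-defined.
bool destroy_then_compare(Table* t) {
    delete t;
    if (g_cached == t) {        // pointer value only, no dereference
        g_cached = nullptr;     // drop the stale alias
        return true;
    }
    return false;
}

// Same logic with the aliasing decision made while `t` is still valid,
// so no expression refers to the pointer once the object is gone.
bool destroy_with_snapshot(Table* t) {
    const bool aliased = (g_cached == t);
    delete t;
    if (aliased) g_cached = nullptr;
    return aliased;
}

// Returns a bitmask: bit 0 = first form cleared the alias, bit 1 = second
// form cleared the alias, bit 2 = an unrelated cached pointer was untouched.
int run_demo() {
    int result = 0;
    g_cached = new Table;
    if (destroy_then_compare(g_cached) && g_cached == nullptr) result |= 1;
    g_cached = new Table;
    if (destroy_with_snapshot(g_cached) && g_cached == nullptr) result |= 2;
    Table* other = new Table;
    g_cached = other;
    Table* victim = new Table;
    if (!destroy_with_snapshot(victim) && g_cached == other) result |= 4;
    delete other;
    g_cached = nullptr;
    return result;
}

int main() { return run_demo() == 7 ? 0 : 1; }
```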

QiAnXinCodeSafe commented 4 weeks ago

Thank you for your reply