iegomez / mosquitto-go-auth

Auth plugin for mosquitto.
MIT License

Pass char* to Go and convert with C.GoString, avoiding unsafe use #288

Closed ssiegel closed 1 year ago

ssiegel commented 1 year ago

Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory.

By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future.

ssiegel commented 1 year ago

I encountered this issue in mosquitto-go-auth-oauth2, which keeps a cache keyed by the username. The cache is used to store access and refresh tokens acquired at login for future queries to the userinfo endpoint. With long-lived sessions this cache can become corrupted. It is possible to work around it in mosquitto-go-auth-oauth2 by passing the cache keys through strings.Clone, but fixing it at the source seems to be the correct solution.
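The cache corruption described above, reproduced as an added example that is not part of this thread or of either project's code. It simulates the broker-owned char* with a Go byte slice instead of cgo; `aliasString`, `cacheAfterReuse`, the usernames and the token are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
	"unsafe"
)

// aliasString returns a string header that points at buf's bytes without
// copying. It stands in for a GoString struct filled with Mosquitto's char*.
func aliasString(buf []byte) string {
	return *(*string)(unsafe.Pointer(&buf))
}

// cacheAfterReuse stores a token under a username whose bytes live in a
// foreign buffer, lets the owner reuse that buffer, and reports whether
// "alice" is still found and which key the map now holds.
func cacheAfterReuse(copyKey bool) (found bool, storedKey string) {
	brokerBuf := []byte("alice") // constructed stand-in for broker-owned memory
	username := aliasString(brokerBuf)
	if copyKey {
		// Same effect as C.GoString on the raw char*: bytes copied into Go memory.
		username = strings.Clone(username)
	}

	cache := map[string]string{username: "token-for-alice"}

	// The owner reuses the buffer for another client after the callback returns.
	copy(brokerBuf, "mallo")

	_, found = cache["alice"]
	for k := range cache {
		storedKey = k
	}
	return found, storedKey
}

func main() {
	for _, copyKey := range []bool{false, true} {
		found, key := cacheAfterReuse(copyKey)
		fmt.Printf("copied=%-5v alice found=%-5v stored key=%q\n", copyKey, found, key)
	}
}
```

With the aliased key the entry is no longer reachable under "alice" and the map's stored key shows the other client's bytes; with the copied key the entry is unaffected.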

iegomez commented 1 year ago

Thanks, @ssiegel, I'll take a look during this week.