irods / irods

Open Source Data Management Software
https://irods.org
BSD 3-Clause "New" or "Revised" License

Rule engine double free with input argument of type bool #3581

Open kellerb opened 7 years ago

kellerb commented 7 years ago

Rule contents:

myTestRule {
}
INPUT *protect=true
OUTPUT ruleExecOut

irule -F rule.r

Invalid free() / delete / delete[] / realloc()
   at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0xA46D90: clearMsParam (msParam.cpp:500)
   by 0xA46FE6: trimMsParamArray (msParam.cpp:583)
   by 0x7F5F00: rsExecMyRule(rsComm_t*, ExecMyRuleInp*, MsParamArray**) (rsExecMyRule.cpp:59)
   by 0x69E241: rsApiHandler(rsComm_t*, int, BytesBuf*, BytesBuf*) (rsApiHandler.cpp:161)
   by 0x6A0111: readAndProcClientMsg(rsComm_t*, int) (rsApiHandler.cpp:557)
   by 0x576CBF: agentMain(rsComm_t*) (rodsAgent.cpp:355)
   by 0x5757FB: main (rodsAgent.cpp:251)
 Address 0x12441690 is 0 bytes inside a block of size 1,024 free'd
   at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x981972: updateResToMsParam(MsParam*, node*, rError_t*) (conversion.cpp:449)
   by 0x981B1E: convertHashtableToMsParamArray(MsParamArray*, hashtable*, rError_t*) (conversion.cpp:483)
   by 0x981A31: convertEnvToMsParamArray(MsParamArray*, env*, rError_t*, region*) (conversion.cpp:467)
   by 0x981A04: convertEnvToMsParamArray(MsParamArray*, env*, rError_t*, region*) (conversion.cpp:463)
   by 0x930775: parseAndComputeRuleAdapter(char*, MsParamArray*, RuleExecInfo*, int, region*) (rules.cpp:175)
   by 0x9C4EDB: execMyRuleWithSaveFlag(char*, MsParamArray*, char*, RuleExecInfo*, int) (nre.reLib1.cpp:311)
   by 0x9C4BA6: execMyRule(char*, MsParamArray*, char*, RuleExecInfo*) (nre.reLib1.cpp:242)
   by 0x7F5EB2: rsExecMyRule(rsComm_t*, ExecMyRuleInp*, MsParamArray**) (rsExecMyRule.cpp:52)
   by 0x69E241: rsApiHandler(rsComm_t*, int, BytesBuf*, BytesBuf*) (rsApiHandler.cpp:161)
   by 0x6A0111: readAndProcClientMsg(rsComm_t*, int) (rsApiHandler.cpp:557)
   by 0x576CBF: agentMain(rsComm_t*) (rodsAgent.cpp:355)
   by 0x5757FB: main (rodsAgent.cpp:251)
 Block was alloc'd at
   at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x63EBBD: unpackPointerItem (packStruct.cpp:3009)
   by 0x63CA96: unpackItem (packStruct.cpp:1888)
   by 0x63E32B: unpackChildStruct (packStruct.cpp:2762)
   by 0x63ECDC: unpackPointerItem (packStruct.cpp:3034)
   by 0x63CA96: unpackItem (packStruct.cpp:1888)
   by 0x63E32B: unpackChildStruct (packStruct.cpp:2762)
   by 0x63EC15: unpackPointerItem (packStruct.cpp:3013)
   by 0x63CA96: unpackItem (packStruct.cpp:1888)
   by 0x63E32B: unpackChildStruct (packStruct.cpp:2762)
   by 0x638EFE: unpackStruct (packStruct.cpp:83)
   by 0x69DF9D: rsApiHandler(rsComm_t*, int, BytesBuf*, BytesBuf*) (rsApiHandler.cpp:115)
   by 0x6A0111: readAndProcClientMsg(rsComm_t*, int) (rsApiHandler.cpp:557)
   by 0x576CBF: agentMain(rsComm_t*) (rodsAgent.cpp:355)
   by 0x5757FB: main (rodsAgent.cpp:251)

xu-hao commented 7 years ago

The error seems to be caused by the following:

  1. Bool is not a packable type because there is no packing instruction for it
  2. The rule engine tries to update the value of the input variable when the rule finishes. This involves putting a bool type in an msParam_t
  3. It can't pack, so it stops and generates an error code
  4. Before the error code is returned to the user, rsExecMyRule tries to free the msParamArray, which is in an inconsistent state
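
A minimal C model of the sequence described in the comment above, added here as an illustration and not taken from the iRODS source: the old value is released, the conversion then fails, and the caller's cleanup releases the same block again unless the slot was cleared. All type and function names are hypothetical, and `free()` is replaced by a release counter so the unhardened path can run safely.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not iRODS types. release() counts instead of
   calling free(), so the unhardened path can run without heap corruption. */
typedef struct { int releases; char data[16]; } block_t;
typedef struct { const char *type; block_t *value; } param_t;

static void release(block_t *b) { if (b) b->releases++; }

/* Write a rule result back into the parameter slot. The old value is dropped
   first; "bool" then fails because this model has no conversion for it. */
static int update_param(param_t *p, const char *res_type, block_t *fresh, int hardened)
{
    release(p->value);
    if (hardened)
        p->value = NULL;      /* slot never holds a released pointer */
    if (strcmp(res_type, "bool") == 0)
        return -1;            /* error return; the caller still cleans up */
    p->type = res_type;
    p->value = fresh;
    return 0;
}

/* Cleanup that the caller runs on success and on error alike. */
static void clear_param(param_t *p)
{
    release(p->value);
    p->value = NULL;
    p->type = NULL;
}

/* Returns how many times the original input block was released. */
int run_case(const char *res_type, int hardened)
{
    block_t original = { 0, "true" }, fresh = { 0, "converted" };
    param_t p = { "string", &original };
    int rc = update_param(&p, res_type, &fresh, hardened);
    clear_param(&p);
    printf("%-4s hardened=%d rc=%d releases=%d\n", res_type, hardened, rc, original.releases);
    return original.releases;
}

int main(void)
{
    run_case("bool", 0);   /* error path, dangling slot */
    run_case("bool", 1);   /* error path, slot cleared */
    run_case("int", 0);    /* success path */
    return 0;
}
```

A release count of 2 for the original block corresponds to the "Invalid free()" that valgrind reports; clearing the slot at the point of release keeps the count at 1 on the error path as well.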