keystone-enclave / keystone-sdk

SDK for Keystone Enclave - ABI/SBI libraries and sample apps

Double Free in Keystone on destruction [From keystone-enclave-forum] #7

Closed dkohlbre closed 5 years ago

dkohlbre commented 5 years ago

Via Kaz on mailing list:

I've built and tested keystone on the HiFive board using glibc-2.28 instead of glibc-2.26. I'm doing it to get a Debian Sid environment on top of keystone. Almost everything works fine for both keystone-hifive-unleashed and the keystone dev branch. A tiny issue found with glibc-2.28 is that the tests and demo abort near the end of the host code with "free(): double free detected in tcache 2". With the attached patch against sdk, they work well for me again.

patch:

diff --git a/lib/host/src/keystone.cpp b/lib/host/src/keystone.cpp
index 1dde700..408e8d8 100644
--- a/lib/host/src/keystone.cpp
+++ b/lib/host/src/keystone.cpp
@@ -16,8 +16,14 @@ Keystone::Keystone()

 Keystone::~Keystone()
 {
-  delete runtimeFile;
-  delete enclaveFile;
+  if(runtimeFile)
+  {
+    delete runtimeFile;
+  }
+  if(enclaveFile)
+  {
+    delete enclaveFile;
+  }
   destroy();
 }

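Review bot: the `if(runtimeFile)` and `if(enclaveFile)` guards in `~Keystone()` add nothing, because `delete` on a null pointer is already a no-op in C++; the two original `delete` lines behave the same once the pointers are reset after their first deletion. Suggest dropping the guards and keeping the destructor as it was, and confirming that the constructor (its body is not shown in this diff) initialises both members to null, so the destructor is also safe when `init()` never got as far as assigning them.
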
@@ -73,6 +79,8 @@ keystone_status_t Keystone::init(const char* eapppath, const char* runtimepath,
   /* Files were consumed by driver and copied into epm, no longer needed */
   delete enclaveFile;
   delete runtimeFile;
+  enclaveFile = NULL;
+  runtimeFile = NULL;

   if(ret) {
     ERROR("failed to create enclave - ioctl() failed: %d", ret);
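
Review bot: the reset added after `delete enclaveFile;` and `delete runtimeFile;` in `init()` is what actually stops the destructor from freeing the same objects a second time, but it uses `NULL` and relies on every delete of these members being paired with a manual reset. Suggest `nullptr` instead of `NULL`, or holding both members in `std::unique_ptr` and calling `reset()` at this point, which would also make the explicit deletes in `~Keystone()` unnecessary.
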

dayeol commented 5 years ago

Merged. Closing