problem : #1649
Merged
problem : #1649
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks! |
bbdb68
pushed a commit
to bbdb68/czmq
that referenced
this pull request
Mar 26, 2017
* pull request zeromq#1649 did not contain test solution : * add shutdown /init sequence in zsys test
bluca
added a commit
that referenced
this pull request
Mar 26, 2017
problem : pull request #1649 did not contain test
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 7, 2017
Solution: reset state if shutdown was clean. Until zeromq#1649, no code could rely on this, because any attempt to call zsys_init() after zsys_shutdown() would assert. And zeromq#1649 has not been part of of any official release yet, so there's no reason to punt this for reasons of back-compat.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 7, 2017
Solution: reset state if shutdown was clean. Until zeromq#1649, no code could rely on this, because any attempt to call zsys_init() after zsys_shutdown() would assert. And zeromq#1649 has not been part of of any official release yet, so there's no reason to punt on this for reasons of back-compat.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 7, 2017
Solution: reset state if shutdown was clean. Until zeromq#1649, no code could rely on this, because any attempt to call zsys_init() after zsys_shutdown() would assert. And zeromq#1649 has not been part of of any official release yet, so there's no reason to punt on this for reasons of back-compat.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: whenever a pointer is free()'d but not nullifies, a possible double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, since it eliminates a whole class of bugs. The only downside is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a tradeoff which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a possible double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, since it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a tradeoff which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a possible double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, since it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a trade-off which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a possible double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, as it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a trade-off which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, as it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a trade-off which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, as it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a trade-off which has already been adopted to an extent.
jpitc
added a commit
to jpitc/czmq
that referenced
this pull request
Apr 8, 2017
Solution: unify free/nullify into a FREE_AND_NULL macro whenever a pointer is free()'d but not nullifies, a double-free or user-after-free bug is at least potentially possible. For example zeromq#1649 is in part a spot fix for this problem. Everywhere in zmq this is preempted almost as a matter of style. For example, the destructor pattern in CLASS, and also in zstr_free(). There's little reason not to replace the calls to free() with a macro that also nullifies the pointer after free()ing it. Many project do this and for good reason, as it eliminates a whole class of bugs. The only downside I can see is that a double-free no longer triggers a SEGV, because what is still a logical error is turned into a silent no-op instead, and it may be the case that the SEGV would have alerted us to other logical errors. But the caveat also applies to callers of CLASS destructors and zstr_free(), so it's a trade-off which has already been adopted to an extent.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
czmq cannot be restarted
solution:
ensure static pointers are reset to NULL within zsys_shutdown