jlib pointer ‘newData’ may be used after free on Ubuntu 22.10

Environment

Ubuntu 22.10 GNU 12.2.0

Description

09:01:23 /var/lib/jenkins/workspace/CE-Candidate-8.10.2-kinetic/CE/ubuntu-22-10/HPCC-Platform/system/jlib/jptree.cpp:1036:21: error: pointer ‘newData’ may be used after ‘void free(void*)’ [-Werror=use-after-free]
09:01:23  1036 |                     free(newData);
09:01:23       |                     ~~~^~~~~~~~
09:01:23 /var/lib/jenkins/workspace/CE-Candidate-8.10.2-kinetic/CE/ubuntu-22-10/HPCC-Platform/system/jlib/jptree.cpp:1030:17: note: call to ‘void free(void*)’ here
09:01:23  1030 |                 free(newData);
09:01:23       |                 ~~~^~~~~~~~

Conclusion

None

Activity

Michael Gardner December 1, 2022 at 7:10 PM

I agree that's the only foreseeable way for it to cause a problem. I added the NULL assignment like Ming suggested and it fixes the compiler error on ubuntu 22.10. I've compiled the ecl, ws_workunits, jlib, esp, & roxie targets as well without issue. So I believe this is the only instance of this specific compiler error. There does seem to be one more compilation error in ws_ecl_service.cpp but it's a format-overflow error and I'll fix it in a different PR.

Gavin Halliday November 29, 2022 at 5:17 PM

This probably should be fixed, but I think it is unlikely to cause a problem in real life.  I think it would require compressor->Release() to throw an exception.

Xiaoming Wang November 29, 2022 at 2:59 PM

https://cwe.mitre.org/data/definitions/416.html
Potential Mitigations

Phase: Architecture and Design
Choose a language that provides automatic memory management.

Phase: Implementation
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

The CWE suggests using "String" to create the buffer instead of "malloc". The free uses buffer.reserve(size - 1)

For our case maybe just set newData = NULL after calling free()
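As an added illustration of the pattern discussed in these comments (this is not HPCC-Platform code): a constructed C++ stand-in in which the buffer is freed, Release() may throw, and the cleanup path passes the same pointer to free() again, beside the NULL-after-free fix. The Compressor type, the tracked allocation helpers and compressBuffer are hypothetical; the bookkeeping exists only so the double free can be counted rather than executed.

```cpp
#include <cstdlib>
#include <cstring>
#include <stdexcept>
#include <unordered_map>

// Constructed bookkeeping (not allocator code): counts how often each pointer
// reaches free(), so a double free can be observed without undefined behaviour.
static std::unordered_map<void*, int> g_freeCount;

static void* trackedMalloc(std::size_t n) {
    void* p = std::malloc(n);
    g_freeCount[p] = 0;               // reset in case the address is reused
    return p;
}

static void trackedFree(void* p) {
    if (!p)
        return;                       // like free(), a NULL pointer is a no-op
    if (++g_freeCount[p] == 1)
        std::free(p);                 // only the first call really releases memory
}

// Hypothetical stand-in for the object whose Release() would have to throw
// for the second free() in the diagnostic to be reached.
struct Compressor {
    bool throwOnRelease;
    void Release() {
        if (throwOnRelease)
            throw std::runtime_error("release failed");
    }
};

// One function covers both shapes of the code: nullAfterFree=false is the
// pattern GCC flagged, nullAfterFree=true is the suggested fix. Returns the
// number of times the buffer was passed to free().
int compressBuffer(bool releaseThrows, bool nullAfterFree) {
    char* newData = static_cast<char*>(trackedMalloc(64));
    char* const original = newData;  // kept only for the bookkeeping lookup
    Compressor compressor{releaseThrows};
    try {
        std::memset(newData, 0, 64);  // stand-in for filling the buffer
        trackedFree(newData);         // the free() at jptree.cpp:1030
        if (nullAfterFree)
            newData = nullptr;        // the fix: any later free(newData) is a no-op
        compressor.Release();         // if this throws, control reaches the cleanup
    } catch (...) {
        trackedFree(newData);         // the free() at jptree.cpp:1036
    }
    return g_freeCount[original];
}
```

Without the exception both variants free once; with it, only the NULL-assigning variant avoids the second free().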

Fixed
Details

Created November 29, 2022 at 2:30 PM
Updated December 5, 2022 at 12:54 PM
Resolved December 5, 2022 at 12:54 PM