[jira] [Commented] (ZOOKEEPER-1029) C client bug in zookeeper_init (if bad hostname is given)

Sun, 18 Oct 2015 10:42:25 -0700 

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-1029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14962527#comment-14962527
 ] 

Raul Gutierrez Segales commented on ZOOKEEPER-1029:
---------------------------------------------------

Ok, so the bug is that we don't initialize the zh struct after calling calloc() 
in zookeeper_init:

https://github.com/apache/zookeeper/blob/branch-3.4/src/c/src/zookeeper.c#L788

Since we don't, zh->adaptor_priv might not be NULL, which means that when doing 
the following chain of calls:

{code}
destroy() -> cleanup_bufs() -> enter_critical()
{code}

zh->adaptor_priv might be != NULL:

{code}
void enter_critical(zhandle_t* zh)
{
    struct adaptor_threads *adaptor = zh->adaptor_priv;
    if(adaptor)
        pthread_mutex_lock(&adaptor->zh_lock);
}
{code}

At which point, the World crumbles into pieces. So memset() should be all we 
need to be able to safely cleanup after a failed.

Still haven't looked at [~rdermer]'s case for zoo_multi and zoo_amulti. 
Attaching a patch for the first case. 

> C client bug in zookeeper_init (if bad hostname is given)
> ---------------------------------------------------------
>
>                 Key: ZOOKEEPER-1029
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1029
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: c client
>    Affects Versions: 3.3.2, 3.4.6, 3.5.0
>            Reporter: Dheeraj Agrawal
>            Assignee: Raul Gutierrez Segales
>            Priority: Blocker
>             Fix For: 3.4.7, 3.5.2
>
>
> If you give invalid hostname to zookeeper_init method, it's not able to 
> resolve it, and it tries to do the cleanup (free buffer/completion lists/etc) 
> . The adaptor_init() is not called for this code path, so the lock,cond 
> variables (for adaptor, completion lists) are not initialized.
> As part of the cleanup it's trying to clean up some buffers and acquires 
> locks and unlocks (where the locks have not yet been initialized, so 
> unlocking fails) 
>     lock_completion_list(&zh->sent_requests); - pthread_mutex/cond not 
> initialized
>     tmp_list = zh->sent_requests;
>     zh->sent_requests.head = 0;
>     zh->sent_requests.last = 0;
>     unlock_completion_list(&zh->sent_requests);   trying to broadcast here 
> on uninitialized cond
> It should do error checking to see if locking succeeds before unlocking it. 
> If Locking fails, then appropriate error handling has to be done.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to