Commit e57681fa ("generator: Free closures on failure", v1.5.2) makes
sure that once we copy a callback out of the caller's variable, then
we ensure it is cleaned up on all error paths. But I was developing
two patch series in parallel, and due to botched rebasing on my part,
shortly after, commit 76bc0f0b ("api: Add STRICT_BOUNDS/ZERO_SIZE to
nbd_set_strict_mode", v1.5.3) accidentally re-introduced a return -1
instead of a goto err on one of its two added error checks in the
common handler, and that mistake was then copy-pasted into ba86bfd1
("api: Add STRICT_ALIGN to nbd_set_strict_mode", v1.5.3).
As penance for reintroducing a leak so quickly back then, I'm now
adding some testsuite coverage, which fails without the rw.c changes.
Fixes: 76bc0f0b
Fixes: ba86bfd1
---
lib/rw.c | 4 ++--
tests/errors.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/lib/rw.c b/lib/rw.c
index cb25dbf..4ade750 100644
--- a/lib/rw.c
+++ b/lib/rw.c
@@ -195,13 +195,13 @@ nbd_internal_command_common (struct nbd_handle *h,
if ((h->strict & LIBNBD_STRICT_BOUNDS) &&
(offset > h->exportsize || count > h->exportsize - offset)) {
set_error (count_err, "request out of bounds");
- return -1;
+ goto err;
}
if (h->block_minimum && (h->strict & LIBNBD_STRICT_ALIGN) &&
(offset | count) & (h->block_minimum - 1)) {
set_error (EINVAL, "request is unaligned");
- return -1;
+ goto err;
}
}
diff --git a/tests/errors.c b/tests/errors.c
index f099c7c..2c800c7 100644
--- a/tests/errors.c
+++ b/tests/errors.c
@@ -1,5 +1,5 @@
/* NBD client library in userspace
- * Copyright (C) 2013-2020 Red Hat Inc.
+ * Copyright (C) 2013-2021 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -103,6 +103,29 @@ check_server_fail (struct nbd_handle *h, int64_t cookie,
check (experr, "nbd_aio_command_completed: ");
}
+static bool chunk_clean; /* whether check_chunk has been called */
+static bool completion_clean; /* whether check_completion has been called */
+
+static void
+check_chunk (void *data) {
+ if (chunk_clean) {
+ fprintf (stderr, "%s: test failed: "
+ "chunk callback invoked multiple times\n", progname);
+ exit (EXIT_FAILURE);
+ }
+ chunk_clean = true;
+}
+
+static void
+check_completion (void *data) {
+ if (completion_clean) {
+ fprintf (stderr, "%s: test failed: "
+ "completion callback invoked multiple times\n", progname);
+ exit (EXIT_FAILURE);
+ }
+ completion_clean = true;
+}
+
int
main (int argc, char *argv[])
{
@@ -277,6 +300,26 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
check (EINVAL, "nbd_aio_pread: ");
+
+ /* We guarantee callbacks will be freed even on all error paths. */
+ if (nbd_aio_pread_structured (nbd, buf, 512, -1,
+ (nbd_chunk_callback) { .free = check_chunk, },
+ (nbd_completion_callback) {
+ .free = check_completion, },
+ 0) != -1) {
+ fprintf (stderr, "%s: test failed: "
+ "nbd_aio_pread_structured did not fail with bogus offset\n",
+ argv[0]);
+ exit (EXIT_FAILURE);
+ }
+ check (EINVAL, "nbd_aio_pread_structured: ");
+ if (!chunk_clean || !completion_clean) {
+ fprintf (stderr, "%s: test failed: "
+ "callbacks not freed on nbd_aio_pread_structured failure\n",
+ argv[0]);
+ exit (EXIT_FAILURE);
+ }
+
/* Read from an invalid offset, server-side */
strict &= ~LIBNBD_STRICT_BOUNDS;
if (nbd_set_strict_mode (nbd, strict) == -1) {
--
2.33.1
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://listman.redhat.com/mailman/listinfo/libguestfs
