#3917 Double free error in tev_curl
Closed: Fixed 2 years ago Opened 2 years ago by atikhonov.

When tev_curl.c : schedule_fd_processing() schedules new timer event by request of libcurl, it cancels previous timer:

talloc_zfree(tctx->process_timer);

That's fine if:
* timer was not set (i.e. process_timer == NULL)
* didn't fire yet
* in the process of execution (that happens, but timer's "destructor" protects mem from being freed)

But that leads to double free if timer has already fired (since libtevent deletes event after execution):

[sssd[kcm]] [schedule_fd_processing] (0x2000): timeout_ms: 0
[sssd[kcm]] [schedule_fd_processing] (0x2000):  trying to release non-zero ptr (0x564e354033b0)
[sssd[kcm]] [talloc_log_fn] (0x0010): Bad talloc magic value - unknown value

While nature of this bug has nothing specific to Debian, from my observation this is exactly the reason why Internal CI fails on debian_testing machine. It seems timings are a little bit different there and chances of timer to be executed before schedule_fd_processing tries (and fails) to delete it are higher.


Metadata Update from @atikhonov:
- Issue assigned to atikhonov

2 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1

2 years ago

Can we also close #3897 after this commit?

Can we also close #3897 after this commit?

Commented there

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4902

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata