Fix stack-use-after-return (ruby#12105)

shioimm · web-flow · commit 3c30af77fea3 · 2024-11-17T10:36:33.000+09:00
http://ci.rvm.jp/results/trunk_asan@ruby-sp1/5409001 ``` ================================================================= ==3263562==ERROR: AddressSanitizer: stack-use-after-return on address 0x735a8f190da8 at pc 0x735a6f58dabc bp 0x735a639ffd10 sp 0x735a639ffd08 READ of size 4 at 0x735a8f190da8 thread T211 ================================================================= ```
diff --git a/ext/socket/ipsocket.c b/ext/socket/ipsocket.c
@@ -226,7 +226,6 @@ struct fast_fallback_inetsock_arg
     int *families;
     int family_size;
     int additional_flags;
-    int cancelled;
     rb_nativethread_lock_t *lock;
     struct fast_fallback_getaddrinfo_entry *getaddrinfo_entries[2];
     struct fast_fallback_getaddrinfo_shared *getaddrinfo_shared;
@@ -322,7 +321,7 @@ cancel_fast_fallback(void *ptr)
 
     rb_nativethread_lock_lock(arg->lock);
     {
-        *arg->cancelled = true;
+        arg->cancelled = true;
         char notification = SELECT_CANCELLED;
         if ((write(arg->notify, &notification, 1)) < 0) {
             rb_syserr_fail(errno, "write(2)");
@@ -649,8 +648,8 @@ init_fast_fallback_inetsock_internal(VALUE v)
         arg->getaddrinfo_shared->wait = hostname_resolution_waiter;
         arg->getaddrinfo_shared->connection_attempt_fds = arg->connection_attempt_fds;
         arg->getaddrinfo_shared->connection_attempt_fds_size = arg->connection_attempt_fds_size;
-        arg->getaddrinfo_shared->cancelled = &arg->cancelled;
-        wait_arg.cancelled = &arg->cancelled;
+        arg->getaddrinfo_shared->cancelled = false;
+        wait_arg.cancelled = false;
 
         for (int i = 0; i < arg->family_size; i++) {
             arg->getaddrinfo_entries[i] = allocate_fast_fallback_getaddrinfo_entry();
@@ -944,7 +943,7 @@ init_fast_fallback_inetsock_internal(VALUE v)
             arg->getaddrinfo_shared
         );
         rb_thread_check_ints();
-        if (errno == EINTR || arg->cancelled) break;
+        if (errno == EINTR || arg->getaddrinfo_shared->cancelled) break;
 
         status = wait_arg.status;
         syscall = "select(2)";
@@ -1272,7 +1271,6 @@ rsock_init_inetsock(VALUE self, VALUE remote_host, VALUE remote_serv, VALUE loca
             fast_fallback_arg.hostp = hostp;
             fast_fallback_arg.portp = portp;
             fast_fallback_arg.additional_flags = additional_flags;
-            fast_fallback_arg.cancelled = false;
 
             int resolving_families[resolving_family_size];
             int resolving_family_index = 0;
diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c
@@ -3093,7 +3093,7 @@ do_fast_fallback_getaddrinfo(void *ptr)
     rb_nativethread_lock_lock(shared->lock);
     {
         entry->err = err;
-        if (*shared->cancelled) {
+        if (shared->cancelled) {
             if (entry->ai) {
                 freeaddrinfo(entry->ai);
                 entry->ai = NULL;
diff --git a/ext/socket/rubysocket.h b/ext/socket/rubysocket.h
@@ -429,7 +429,8 @@ char *port_str(VALUE port, char *pbuf, size_t pbuflen, int *flags_ptr);
 struct fast_fallback_getaddrinfo_shared
 {
     int wait, notify, refcount, connection_attempt_fds_size;
-    int *connection_attempt_fds, *cancelled;
+    int cancelled;
+    int *connection_attempt_fds;
     char *node, *service;
     rb_nativethread_lock_t *lock;
 };

Original file line number	Diff line number	Diff line change
`@@ -3093,7 +3093,7 @@ do_fast_fallback_getaddrinfo(void *ptr)`
`3093`	`3093`	`rb_nativethread_lock_lock(shared->lock);`
`3094`	`3094`	`{`
`3095`	`3095`	`entry->err = err;`
`3096`		`- if (*shared->cancelled) {`
	`3096`	`+ if (shared->cancelled) {`
`3097`	`3097`	`if (entry->ai) {`
`3098`	`3098`	`freeaddrinfo(entry->ai);`
`3099`	`3099`	`entry->ai = NULL;`