Make sure to set pointers to NULL after freeing them

Shuxin Yang · autarch · commit e2a755f76920 · 2014-09-22T10:59:52.000-05:00
The dangling pointer could incur real problem. This is the problem I run into:
My system is runing nginx built along with ngx_http_geoip2_module and libmaxminddb.
nginx is running with a configuration with a geoip2-directive specifying a file that
dose not exist. like this:

    -----------------------------------------------------------
    geoip2 /my/path/that/dose/not/exist/maxmind-country.mmdb {
        $geoip2_data_country_code default=US country iso_code;
        $geoip2_data_country_name country names en;
    }
    -----------------------------------------------------------

When Nginx is launched with this configuration, ngx_http_geoip2_module call
MMDB_open() which in turn calls free_mmdb_struct() as MMDB_open() was not
successfully open the specified .mmdb file.

Nginx then exit, calling ngx_http_geoip2_cleanup() which call MMDB_close(), which
call free_mmdb_struct().

NOTE that in this senario, free_mmdb_struct() is called *TWICE* upon the same
mmdb! The first call to free_mmdb_struct() yields bunch of dangling pointers, and
the 2nd call to free_mmdb_struct() will call free() on these dangling pointers.

 This fix is just to set those pointer NULL right after the object they pointing
to are deallocated.
diff --git a/Changes.md b/Changes.md
@@ -1,5 +1,12 @@
 * Fixed a number of small issues found by Coverity.
 
+* When freeing the MMDB struct in `MMDB_close()` we make sure to set the
+  pointers to NULL after freeing the memory they point to. This makes it safe
+  to call `MMDB_close` more than once on the same `MMDB_s` struct
+  pointer. Before this change, calling this function twice on the same pointer
+  could cause the code to free memory that belonged to something else in the
+  process. Patch by Shuxin Yang. GitHub PR #41.
+
 ## 1.0.1 - 2014-09-03
 
 * Added missing LICENSE and NOTICE files to distribution. No code changes.
diff --git a/src/maxminddb.c b/src/maxminddb.c
@@ -187,6 +187,8 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size);
         }                                                         \
     } while (0)
 
+#define FREE_AND_SET_NULL(p) { free((void *)(p)); (p) = NULL; }
+
 int MMDB_open(const char *const filename, uint32_t flags, MMDB_s *const mmdb)
 {
     mmdb->file_content = NULL;
@@ -1499,7 +1501,7 @@ LOCAL void free_mmdb_struct(MMDB_s *const mmdb)
     }
 
     if (NULL != mmdb->filename) {
-        free((void *)mmdb->filename);
+        FREE_AND_SET_NULL(mmdb->filename);
     }
     if (NULL != mmdb->file_content) {
 #ifdef _WIN32
@@ -1513,7 +1515,7 @@ LOCAL void free_mmdb_struct(MMDB_s *const mmdb)
     }
 
     if (NULL != mmdb->metadata.database_type) {
-        free((void *)mmdb->metadata.database_type);
+        FREE_AND_SET_NULL(mmdb->metadata.database_type);
     }
 
     free_languages_metadata(mmdb);
@@ -1527,9 +1529,9 @@ LOCAL void free_languages_metadata(MMDB_s *mmdb)
     }
 
     for (size_t i = 0; i < mmdb->metadata.languages.count; i++) {
-        free((char *)mmdb->metadata.languages.names[i]);
+        FREE_AND_SET_NULL(mmdb->metadata.languages.names[i]);
     }
-    free(mmdb->metadata.languages.names);
+    FREE_AND_SET_NULL(mmdb->metadata.languages.names);
 }
 
 LOCAL void free_descriptions_metadata(MMDB_s *mmdb)
@@ -1542,22 +1544,20 @@ LOCAL void free_descriptions_metadata(MMDB_s *mmdb)
         if (NULL != mmdb->metadata.description.descriptions[i]) {
             if (NULL !=
                 mmdb->metadata.description.descriptions[i]->language) {
-                free(
-                    (char *)mmdb->metadata.description.descriptions[i]->
-                    language);
+                FREE_AND_SET_NULL(
+                    mmdb->metadata.description.descriptions[i]->language);
             }
 
             if (NULL !=
                 mmdb->metadata.description.descriptions[i]->description) {
-                free(
-                    (char *)mmdb->metadata.description.descriptions[i]->
-                    description);
+                FREE_AND_SET_NULL(
+                    mmdb->metadata.description.descriptions[i]->description);
             }
-            free(mmdb->metadata.description.descriptions[i]);
+            FREE_AND_SET_NULL(mmdb->metadata.description.descriptions[i]);
         }
     }
 
-    free(mmdb->metadata.description.descriptions);
+    FREE_AND_SET_NULL(mmdb->metadata.description.descriptions);
 }
 
 const char *MMDB_lib_version(void)

Original file line number	Diff line number	Diff line change
`@@ -187,6 +187,8 @@ LOCAL char bytes_to_hex(uint8_t bytes, uint32_t size);`
`187`	`187`	`} \`
`188`	`188`	`} while (0)`
`189`	`189`
	`190`	`+#define FREE_AND_SET_NULL(p) { free((void *)(p)); (p) = NULL; }`
	`191`	`+`
`190`	`192`	`int MMDB_open(const char const filename, uint32_t flags, MMDB_s const mmdb)`
`191`	`193`	`{`
`192`	`194`	`mmdb->file_content = NULL;`
`@@ -1499,7 +1501,7 @@ LOCAL void free_mmdb_struct(MMDB_s *const mmdb)`
`1499`	`1501`	`}`
`1500`	`1502`
`1501`	`1503`	`if (NULL != mmdb->filename) {`
`1502`		`- free((void *)mmdb->filename);`
	`1504`	`+ FREE_AND_SET_NULL(mmdb->filename);`
`1503`	`1505`	`}`
`1504`	`1506`	`if (NULL != mmdb->file_content) {`
`1505`	`1507`	`#ifdef _WIN32`
`@@ -1513,7 +1515,7 @@ LOCAL void free_mmdb_struct(MMDB_s *const mmdb)`
`1513`	`1515`	`}`
`1514`	`1516`
`1515`	`1517`	`if (NULL != mmdb->metadata.database_type) {`
`1516`		`- free((void *)mmdb->metadata.database_type);`
	`1518`	`+ FREE_AND_SET_NULL(mmdb->metadata.database_type);`
`1517`	`1519`	`}`
`1518`	`1520`
`1519`	`1521`	`free_languages_metadata(mmdb);`
`@@ -1527,9 +1529,9 @@ LOCAL void free_languages_metadata(MMDB_s *mmdb)`
`1527`	`1529`	`}`
`1528`	`1530`
`1529`	`1531`	`for (size_t i = 0; i < mmdb->metadata.languages.count; i++) {`
`1530`		`- free((char *)mmdb->metadata.languages.names[i]);`
	`1532`	`+ FREE_AND_SET_NULL(mmdb->metadata.languages.names[i]);`
`1531`	`1533`	`}`
`1532`		`- free(mmdb->metadata.languages.names);`
	`1534`	`+ FREE_AND_SET_NULL(mmdb->metadata.languages.names);`
`1533`	`1535`	`}`
`1534`	`1536`
`1535`	`1537`	`LOCAL void free_descriptions_metadata(MMDB_s *mmdb)`
`@@ -1542,22 +1544,20 @@ LOCAL void free_descriptions_metadata(MMDB_s *mmdb)`
`1542`	`1544`	`if (NULL != mmdb->metadata.description.descriptions[i]) {`
`1543`	`1545`	`if (NULL !=`
`1544`	`1546`	`mmdb->metadata.description.descriptions[i]->language) {`
`1545`		`- free(`
`1546`		`- (char *)mmdb->metadata.description.descriptions[i]->`
`1547`		`- language);`
	`1547`	`+ FREE_AND_SET_NULL(`
	`1548`	`+ mmdb->metadata.description.descriptions[i]->language);`
`1548`	`1549`	`}`
`1549`	`1550`
`1550`	`1551`	`if (NULL !=`
`1551`	`1552`	`mmdb->metadata.description.descriptions[i]->description) {`
`1552`		`- free(`
`1553`		`- (char *)mmdb->metadata.description.descriptions[i]->`
`1554`		`- description);`
	`1553`	`+ FREE_AND_SET_NULL(`
	`1554`	`+ mmdb->metadata.description.descriptions[i]->description);`
`1555`	`1555`	`}`
`1556`		`- free(mmdb->metadata.description.descriptions[i]);`
	`1556`	`+ FREE_AND_SET_NULL(mmdb->metadata.description.descriptions[i]);`
`1557`	`1557`	`}`
`1558`	`1558`	`}`
`1559`	`1559`
`1560`		`- free(mmdb->metadata.description.descriptions);`
	`1560`	`+ FREE_AND_SET_NULL(mmdb->metadata.description.descriptions);`
`1561`	`1561`	`}`
`1562`	`1562`
`1563`	`1563`	`const char *MMDB_lib_version(void)`