fix use-after-free in ReadWriteLogRecord

inge4pres · inge4pres · commit e64b064d3ccf · 2026-01-31T17:52:37.000+01:00
Signed-off-by: inge4pres &lt;fgualazzi@gmail.com&gt;
diff --git a/src/api/logs/logger_provider.zig b/src/api/logs/logger_provider.zig
@@ -57,16 +57,31 @@ pub const ReadWriteLogRecord = struct {
     /// Convert to immutable ReadableLogRecord for export
     pub fn toReadable(self: *const Self, allocator: std.mem.Allocator) !ReadableLogRecord {
         const attrs = try allocator.alloc(Attribute, self.attributes.items.len);
+        errdefer allocator.free(attrs);
         @memcpy(attrs, self.attributes.items);
 
+        // Copy severity_text if present
+        const severity_text = if (self.severity_text) |text|
+            try allocator.dupe(u8, text)
+        else
+            null;
+        errdefer if (severity_text) |text| allocator.free(text);
+
+        // Copy body if present
+        const body = if (self.body) |b|
+            try allocator.dupe(u8, b)
+        else
+            null;
+        errdefer if (body) |b| allocator.free(b);
+
         return ReadableLogRecord{
             .timestamp = self.timestamp,
             .observed_timestamp = self.observed_timestamp,
             .trace_id = self.trace_id,
             .span_id = self.span_id,
             .severity_number = self.severity_number,
-            .severity_text = self.severity_text,
-            .body = self.body,
+            .severity_text = severity_text,
+            .body = body,
             .attributes = attrs,
             .resource = self.resource,
             .scope = self.scope,
@@ -92,6 +107,8 @@ pub const ReadableLogRecord = struct {
 
     pub fn deinit(self: Self, allocator: std.mem.Allocator) void {
         allocator.free(self.attributes);
+        if (self.severity_text) |text| allocator.free(text);
+        if (self.body) |b| allocator.free(b);
     }
 };
 
diff --git a/src/sdk/logs/log_record_processor.zig b/src/sdk/logs/log_record_processor.zig
@@ -299,12 +299,6 @@ pub const BatchingLogRecordProcessor = struct {
 
         // Remove exported log records from queue
         std.mem.copyForwards(logs.ReadableLogRecord, self.queue.items, self.queue.items[batch_size..]);
-
-        // Deinit the exported records before shrinking
-        for (export_logs) |log_record| {
-            log_record.deinit(self.allocator);
-        }
-
         self.queue.shrinkRetainingCapacity(self.queue.items.len - batch_size);
 
         // Export the batch (unlock mutex during export)
@@ -314,6 +308,11 @@ pub const BatchingLogRecordProcessor = struct {
         self.exporter.exportLogs(export_logs) catch |err| {
             std.log.err("BatchingLogRecordProcessor failed to export log batch: {}", .{err});
         };
+
+        // Deinit the exported records after export is complete
+        for (export_logs) |log_record| {
+            log_record.deinit(self.allocator);
+        }
     }
 
     fn enabled(ctx: *anyopaque, params: EnabledParameters) bool {
@@ -359,14 +358,25 @@ test "SimpleLogRecordProcessor basic functionality" {
                 const attrs = try self.allocator.alloc(@import("../../attributes.zig").Attribute, log_record.attributes.len);
                 @memcpy(attrs, log_record.attributes);
 
+                // Copy severity_text and body strings since they will be freed after export
+                const severity_text = if (log_record.severity_text) |text|
+                    try self.allocator.dupe(u8, text)
+                else
+                    null;
+
+                const body = if (log_record.body) |b|
+                    try self.allocator.dupe(u8, b)
+                else
+                    null;
+
                 try self.exported_logs.append(self.allocator, .{
                     .timestamp = log_record.timestamp,
                     .observed_timestamp = log_record.observed_timestamp,
                     .trace_id = log_record.trace_id,
                     .span_id = log_record.span_id,
                     .severity_number = log_record.severity_number,
-                    .severity_text = log_record.severity_text,
-                    .body = log_record.body,
+                    .severity_text = severity_text,
+                    .body = body,
                     .attributes = attrs,
                     .resource = log_record.resource,
                     .scope = log_record.scope,
diff --git a/src/sdk/logs/std_log_bridge.zig b/src/sdk/logs/std_log_bridge.zig
@@ -324,3 +324,55 @@ test "std_log_bridge severity text mapping" {
     try std.testing.expectEqualStrings("info", mapSeverityText(.info));
     try std.testing.expectEqualStrings("debug", mapSeverityText(.debug));
 }
+
+const sdk = @import("../../sdk.zig");
+const InMemoryExporter = @import("../../sdk/logs/exporters/generic.zig").InMemoryExporter;
+
+test "std_log_bridge logFn prints text for body" {
+    const provider = try LoggerProvider.init(std.testing.allocator, null);
+    defer provider.deinit();
+
+    var buf = try std.ArrayList(u8).initCapacity(std.testing.allocator, 1024);
+    defer buf.deinit(std.testing.allocator);
+
+    var in_mem: InMemoryExporter = .init(buf.writer(std.testing.allocator));
+    const exporter = in_mem.asLogRecordExporter();
+
+    var simple_processor = sdk.logs.SimpleLogRecordProcessor.init(std.testing.allocator, exporter);
+    const processor = simple_processor.asLogRecordProcessor();
+    try provider.addLogRecordProcessor(processor);
+
+    const cfg = Config{
+        .provider = provider,
+        .also_log_to_stderr = false,
+    };
+
+    try configure(cfg);
+
+    logFn(std.log.Level.debug, .test_scope, "test text", .{});
+
+    const result = try buf.toOwnedSlice(std.testing.allocator);
+    defer std.testing.allocator.free(result);
+    try std.testing.expect(std.mem.indexOf(u8, result, "test text") != null);
+}
+
+test "std_log_bridge shutdown cleans up state" {
+    const allocator = std.testing.allocator;
+
+    var provider = try LoggerProvider.init(allocator, null);
+    defer provider.deinit();
+
+    try configure(.{
+        .provider = provider,
+        .also_log_to_stderr = false,
+    });
+
+    shutdown();
+
+    const state = State.get();
+    state.mutex.lock();
+    defer state.mutex.unlock();
+
+    try std.testing.expect(state.config == null);
+    try std.testing.expect(state.logger == null);
+}
