
Re: [tor-dev] Remove NULL checks for *_free() calls
On Sun, Aug 30, 2015 at 10:37 PM, Mansour Moufid
<mansourmoufid@xxxxxxxxx> wrote:
> On Sun, Aug 30, 2015 at 8:13 PM, Michael McConville
> <mmcconv1@xxxxxxxxxxxxxxxxxxx> wrote:
>
>> free() is specified to be NULL-safe, and I don't know of any
>> implementations that violate this.
>
> I think those NULL checks are meant to avoid double-free bugs.  If you
> assign NULL to a pointer after you free it and check all pointers
> before free, you avoid trying to free it again.

The thing you may not realize is that free(0) is specified to do
nothing.  This was in the 1989 C standard, so it should be safe to
rely on. I imagine running a Tor relay on SunOS 4.1.x would be a
terrible idea for reasons having nothing to do with the code (e.g.
predictable TCP sequence numbers).

As such, the check is always fully redundant; you get the effect
you're talking about by writing e.g.

    X509_free(x509);   /* release the object (NULL is a no-op) */
    x509 = 0;          /* clear the pointer so a repeat is a harmless free(NULL) */

without the if.

> But you did find some places they forgot to assign NULL after free.

Unfortunately, setting pointers to 0 after free doesn't help avoid
double free bugs in practice.  Double frees happen when there are two
different pointers to the same memory block and both holders think
it's their responsibility to deallocate the object.  Clearing one
pointer does precisely nothing to the *other* pointer.

zw
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
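An added example, not code from this thread or from Tor, illustrating the two points above: free(NULL) has been a guaranteed no-op since C89, so the "release then clear" pattern needs no if-guard, and clearing one pointer does nothing for a second alias of the same block, which is where real double frees come from. The names (FREE_AND_NULL, struct holder, struct shared and its functions) are this example's own, and the reference-counted wrapper at the end is one common mitigation for shared ownership, not something the thread proposes. The second free in the aliasing case is deliberately not performed, since that would be undefined behaviour; the function only reports how many holders still point at the block.

```c
/* Added example (not from the thread or from Tor). All identifiers are
 * this example's own. Build: cc -std=c99 -Wall example.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The page's own "free, then set to 0" pattern, generalised into a single
 * statement. No NULL check: free(NULL) is defined to do nothing. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

/* free(NULL) is a no-op, so releasing the same variable twice is harmless
 * once it has been cleared. Returns 1 when p is still NULL afterwards. */
int free_null_is_noop(void) {
    char *p = NULL;
    FREE_AND_NULL(p);   /* frees nothing, p stays NULL */
    FREE_AND_NULL(p);   /* still nothing: no double free on this variable */
    return p == NULL;
}

/* Two holders that each believe they own the same block (an alias). */
struct holder { char *buf; };

/* Clearing holder a's pointer leaves holder b's alias intact: a NULL check
 * in b's cleanup would still pass and b would free the block a second time.
 * Returns the number of holders whose pointer is non-NULL after a releases,
 * i.e. 1 (the dangling alias). The second free is NOT performed: it is
 * undefined behaviour and would corrupt the allocator. */
int dangling_aliases_after_one_release(void) {
    struct holder a, b;
    a.buf = malloc(16);
    strcpy(a.buf, "shared");    /* constructed sample content */
    b.buf = a.buf;              /* the alias: this is the double-free hazard */
    FREE_AND_NULL(a.buf);       /* a is now safe, b is not */
    int dangling = (a.buf != NULL) + (b.buf != NULL);
    b.buf = NULL;               /* forgetting the block is all b may still do */
    return dangling;
}

/* One mitigation for genuinely shared data: explicit reference counting,
 * so that exactly one release actually frees. free_calls counts real frees. */
struct shared {
    int refs;
    char *buf;
};

static int free_calls;

struct shared *shared_new(const char *s) {
    struct shared *sh = malloc(sizeof *sh);
    sh->refs = 1;
    sh->buf = malloc(strlen(s) + 1);
    strcpy(sh->buf, s);
    return sh;
}

struct shared *shared_retain(struct shared *sh) {
    sh->refs++;
    return sh;
}

/* This wrapper does check for NULL, but only because it dereferences sh
 * before calling free(); the check protects the dereference, not free(). */
void shared_release(struct shared *sh) {
    if (sh == NULL) return;
    if (--sh->refs > 0) return;  /* other holders remain */
    free(sh->buf);
    free(sh);
    free_calls++;
}

/* Two holders retain and release in turn; the block is freed exactly once. */
int refcount_frees_once(void) {
    free_calls = 0;
    struct shared *a = shared_new("shared");
    struct shared *b = shared_retain(a);
    shared_release(a); a = NULL;   /* refs 2 -> 1, nothing freed */
    shared_release(b); b = NULL;   /* refs 1 -> 0, freed once */
    return free_calls;
}

int main(void) {
    printf("free(NULL) is a no-op: %d\n", free_null_is_noop());
    printf("dangling aliases after one release: %d\n",
           dangling_aliases_after_one_release());
    printf("frees with refcount: %d\n", refcount_frees_once());
    return 0;
}
```

The NULL check in shared_release is the one kind worth keeping: a *_free-style wrapper that dereferences its argument must guard against NULL for its own sake, whereas a bare free() never needs it.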