picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

sd-netlink: fix deep recursion in message destruction (#3455)

Browse source 
On larger systems we might very well see messages with thousands of parts.
When we free them, we must avoid recursing into each part, otherwise we
very likely get stack overflows.

Fix sd_netlink_message_unref() to use an iterative approach rather than
recursion (also avoid tail-recursion in case it is not optimized by the
compiler).
This commit is contained in:
David Herrmann 2016-06-07 10:38:33 +02:00 committed by Lennart Poettering
parent 138f4c6906
commit 82e4eda664
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/libsystemd/sd-netlink/netlink-message.c
View file

@ -120,7 +120,9 @@ sd_netlink_message *sd_netlink_message_ref(sd_netlink_message *m) {
}
sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m) {
if (m && REFCNT_DEC(m->n_ref) == 0) {
sd_netlink_message *t;
while (m && REFCNT_DEC(m->n_ref) == 0) {
unsigned i;
free(m->hdr);
@ -128,9 +130,9 @@ sd_netlink_message *sd_netlink_message_unref(sd_netlink_message *m) {
for (i = 0; i <= m->n_containers; i++)
free(m->containers[i].attributes);
sd_netlink_message_unref(m->next);
free(m);
t = m;
m = m->next;
free(t);
}
return NULL;