Project

General

Profile

Actions
Copy link

Bug #57516

closed

access a destructed temporary variable in rgw_sync_checkpoint.cc

Added by Yuval Lifshitz over 1 year ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
low-hanging-fruit
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
50282
Crash signature (v1):
Crash signature (v2):

Description

in the function "empty()" when "markers.get()" return the default value, m is a reference to a temporary std::string that is already destroyed when "m.empty()" is invoked.
see:

bool empty(const BucketIndexShardsManager& markers, int size)
{
  for (int i = 0; i < size; ++i) {
    const auto& m = markers.get(i, "");
    if (!m.empty()) {
      return false;
    }   
  }
  return true;
}

the default value should be an explicit std::string that lives in the scope. in the above case it could be a static const empty string.
see example: https://godbolt.org/z/WGfE68E65

coverity CID 1511024

Actions
Copy link
 #1

Updated by Yuval Lifshitz over 1 year ago

similar issue exists in "bool operator<"

Actions
Copy link
 #2

Updated by Casey Bodley over 1 year ago

i'm confused, doesn't a const reference extend the lifetime of temporaries? this looks fine to me

Actions
Copy link
 #3

Updated by Yuval Lifshitz over 1 year ago

this is what i was also thinking.
please see the link to the code example.

Actions
Copy link
 #4

Updated by Mohamed Awnallah about 1 year ago

I'm gonna work on this issue

Actions
Copy link
 #5

Updated by Yuval Lifshitz about 1 year ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 50282
Actions
Copy link
 #6

Updated by Yuval Lifshitz 7 months ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link

Also available in: Atom PDF