From: Ahmad Gani
Date: Wed, 10 Sep 2025 17:28:23 +0700
Subject: Re: [PATCH gwproxy v9 2/2] gwproxy: refactor code base to add experimental raw DNS backend
To: Alviro Iskandar Setiawan
Cc: Ammar Faizi, GNU/Weeb Mailing List
References: <20250910030512.551673-1-reyuki@gnuweeb.org> <20250910030512.551673-3-reyuki@gnuweeb.org>
Content-Type: text/plain; charset="UTF-8"

On Wed, Sep 10, 2025 at 5:01 PM Alviro Iskandar Setiawan wrote:
> On Wed, Sep 10, 2025 at 10:07 AM Ahmad Gani wrote:
> > +	cfg = &w->ctx->cfg;
> > +	resolv = &w->dns_resolver;
> > +	p1 = realloc(resolv->stack.arr, cfg->sess_map_cap * sizeof(*resolv->stack.arr));
> > +	if (!p1)
> > +		return;
> > +	p2 = realloc(resolv->sess_map, cfg->sess_map_cap * sizeof(*resolv->sess_map));
> > +	if (!p2)
> > +		return;
>
> This is absolutely stupid. You're messing with a simple C object
> without understanding even the basics regarding their handling.
>
> Just because it's a shrink operation, it doesn't mean realloc() will
> always spit out the same pointer you fed it.
>
> If "realloc(X, new_size)" succeeds, there's no guarantee the returned
> pointer matches the one you passed. 'X' could be invalid after the
> realloc() call.
>
> So, if "p2 = realloc()" fails, you could be leaking p1, and
> ->stack.arr might be invalid too, yet it's still used. Clearly, this
> one mistake results in double bugs, use-after-free and memory leak,
> because realloc() might free the pointer you gave it and allocate a
> new memory area with a different address.

Sorry, I'm not aware of that, will fix it, thanks!

--
Unemployed Ahmad Gani
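Review bot: the `if (!p2) return;` path runs after `p1 = realloc(resolv->stack.arr, ...)` has already succeeded but before `p1` is stored back, so `resolv->stack.arr` may point at memory realloc() has released and `p1` itself is lost; store each result as soon as its check passes (`resolv->stack.arr = p1;` right after `if (!p1) return;`, and `resolv->sess_map = p2;` after the second check). Both bare `return;` statements also hide the failure from the caller, which then has no way to know the arrays were not resized to `cfg->sess_map_cap`; returning an error code would let it react.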
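As an added example (not gwproxy's code; the struct and field names are assumed stand-ins for the resolver state in the patch), the resize written so that each realloc() result is committed before the next call, with a test hook that forces a realloc() failure to show that the old pointers stay valid and nothing leaks:

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for the resolver state in the patch (names assumed). */
struct dns_resolver {
        struct { uint16_t *arr; } stack;
        uint32_t *sess_map;
        size_t cap;   /* elements both arrays are guaranteed to hold */
};

/* Test hook: fail the N-th realloc() call from now on (0 = never fail). */
int fail_realloc_call;

static void *try_realloc(void *p, size_t sz)
{
        if (fail_realloc_call && --fail_realloc_call == 0)
                return NULL;
        return realloc(p, sz);
}

/*
 * Resize both arrays to new_cap. Returns 0 on success, -1 on failure.
 * A pointer returned by a successful realloc() is stored at once, so the
 * pointer that was handed in (possibly freed by now) is never used again
 * and nothing leaks. A failed realloc() leaves its input block untouched.
 * If only the first resize went through, cap is lowered to the smaller
 * size so that cap never exceeds what either array can actually hold.
 */
int resolver_resize(struct dns_resolver *r, size_t new_cap)
{
        void *p;

        if (new_cap == 0 || new_cap > SIZE_MAX / sizeof(*r->sess_map))
                return -1;
        p = try_realloc(r->stack.arr, new_cap * sizeof(*r->stack.arr));
        if (!p)
                return -1;                  /* nothing has changed yet */
        r->stack.arr = p;                   /* commit before the next call */
        p = try_realloc(r->sess_map, new_cap * sizeof(*r->sess_map));
        if (!p) {
                if (new_cap < r->cap)
                        r->cap = new_cap;   /* stack.arr shrank: keep cap honest */
                return -1;
        }
        r->sess_map = p;
        r->cap = new_cap;
        return 0;
}
```

Starting from a zeroed struct works because realloc(NULL, n) behaves like malloc(n).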