core: harden lifecycle and random ID handling#87
Draft
edsiper wants to merge 1 commit into
Draft
Conversation
Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
getrandom()capability probe and add lifecycle/random-ID regression coverageRoot cause and impact
ctr_resource_span_destroy()freed resource spans without unlinking them from the owning trace context. Direct destruction could therefore leave a dangling list node that was traversed again byctr_destroy(), resulting in a use-after-free or double-free.The destructor now unlinks nodes that are still attached. It also detects an already-unlinked node, preserving the existing Fluent Bit trace sampling processor sequence of manually unlinking before destruction.
Several replacement setters also released their existing allocation before creating the replacement. Allocation failure could leave dangling pointers and trigger later double-frees. Replacements are now allocated before the old value is released.
Random generation previously accepted short reads and could leave zero-filled bytes in generated IDs. The Unix implementations now retry interrupted operations and require the requested buffer to be filled completely.
Validation
ASAN_OPTIONS=detect_leaks=1 ctest --test-dir build --output-on-failure-fanalyzerbuild completedctraces-simple-c-apiexample completed successfullygit diff --checkThe resource-span regression test covers both direct destruction and Fluent Bit's existing manual-unlink sampling pattern.