apache / rocketmq-client-cpp

Apache RocketMQ cpp client

Home Page: https://rocketmq.apache.org/

[vulnerability] Mismatched free in CProducer

ChrisZhangJin opened this issue · comments

I found there is a mismatched free in CProducer, scanned by Valgrind.

valgrind report

Here is the report sample:

==1570== Mismatched free() / delete / delete []
==1570== at 0x4C2B51D: operator delete(void*) (vg_replace_malloc.c:586)
==1570== by 0x1736BC86: DestroyProducer (in /usr/lib64/librocketmq.so)
... ....
==1570== Address 0xd1cfb10 is 0 bytes inside a block of size 256 alloc'd
==1570== at 0x4C2AC38: operator new[](unsigned long) (vg_replace_malloc.c:433)
==1570== by 0x1736B7F9: CreateProducer (in /usr/lib64/librocketmq.so)
... ....

the corresponding code

I checked the code and found that the delete of a char array is indeed mismatched.
Here is the new: [image]
while here is the delete: [image]

found version:

I have only used 2.0.1 and 2.2.0, but both have the same issue.


It is a vulnerability, not literally a bug, actually.

Yes, it seems to be a memory leak. Could you please create a PR to fix it?

I'd love to, but I found it was fixed in master; here is the commit [6523dcc]: [image]
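
Added example, not part of the issue thread and not rocketmq-client-cpp source: the `new[]` / `delete` pairing the Valgrind report describes, next to the matched `delete[]` form and an RAII owner, with a small counter that shows whether every `new[]` block was released through `delete[]`. All names (`DemoProducer`, `CreateDemoProducer`, `SafeProducer`, `LiveArrays`) are hypothetical; only the 256-byte size comes from the report.

```cpp
// Added example with hypothetical names; not rocketmq-client-cpp source.
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <new>

// Replace only the array forms of the global operators to count live new[]
// blocks (single-threaded demo). A block freed by scalar delete stays counted.
static long g_live_arrays = 0;
void* operator new[](std::size_t n) {
    void* p = std::malloc(n ? n : 1);
    if (!p) throw std::bad_alloc();
    ++g_live_arrays;
    return p;
}
void operator delete[](void* p) noexcept {
    if (p) { --g_live_arrays; std::free(p); }
}
void operator delete[](void* p, std::size_t) noexcept { operator delete[](p); }
long LiveArrays() { return g_live_arrays; }

constexpr std::size_t kGroupLen = 256;  // block size from the Valgrind report
struct DemoProducer { char* group; };   // hypothetical handle with a raw owner

DemoProducer* CreateDemoProducer(const char* name) {
    DemoProducer* p = new DemoProducer;
    p->group = new char[kGroupLen]();             // array form: operator new[]
    std::strncpy(p->group, name, kGroupLen - 1);  // zero-filled, stays terminated
    return p;
}

// Mismatched pair, kept only for contrast and never called: undefined behaviour.
void DestroyDemoProducerMismatched(DemoProducer* p) {
    delete p->group;   // scalar delete on new[] memory: what Valgrind flags
    delete p;
}

// Matched pair: delete[] releases what new[] allocated.
void DestroyDemoProducer(DemoProducer* p) {
    if (!p) return;
    delete[] p->group;
    delete p;
}

// RAII alternative: the owner's type records the array form, so the
// compiler picks delete[] and the pairing cannot drift apart.
struct SafeProducer {
    std::unique_ptr<char[]> group{new char[kGroupLen]()};
};
```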