VirtualBox

Changeset 77506 in vbox for trunk/src/VBox/Main/src-server


Ignore:
Timestamp:
Feb 28, 2019 4:25:19 PM (6 years ago)
Author:
vboxsync
Message:

Main/HostDnsService: fix a use-after-free running VBoxSVC in debug mode.
bugref:9144: AddressSanitizer: heap-use-after-free in VBoxSVC in HostDnsMonitor::pollGlobalExtraData()
This did not trigger during normal usage, but when debugging and keeping
VBoxSVC around it did. The change terminates the Host DNS monitor thread
properly when the VirtualBox object is destroyed, which in normal use also
ends the process.

Location:
trunk/src/VBox/Main/src-server
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Main/src-server/HostDnsService.cpp

    r76592 r77506  
    154154void HostDnsMonitor::shutdown()
    155155{
    156     /** @todo never called.
    157      * HostDnsMonitor should be referenced by HostDnsMonitorProxy objects and the Host object
    158      * and automatically deleted when not referenced anymore.
    159      * Currently HostDnsMonitor can use already deleted m->virtualbox.
    160      */
     156    monitorThreadShutdown();
     157    int rc = RTThreadWait(m->hMonitoringThread, 5000, NULL);
     158    AssertRCSuccess(rc);
    161159}
    162160
     
    179177        rc = RTThreadCreate(&m->hMonitoringThread,
    180178                            HostDnsMonitor::threadMonitoringRoutine,
    181                             this, 128 * _1K, RTTHREADTYPE_IO, 0, "dns-monitor");
     179                            this, 128 * _1K, RTTHREADTYPE_IO,
     180                            RTTHREADFLAGS_WAITABLE, "dns-monitor");
    182181        AssertRCReturn(rc, E_FAIL);
    183182
     
    267266HostDnsMonitorProxy::~HostDnsMonitorProxy()
    268267{
    269     if (m)
    270     {
    271         /* XXX: m->monitor */
    272         delete m;
    273         m = NULL;
    274     }
     268    Assert(!m);
    275269}
    276270
     
    282276}
    283277
     278
     279void HostDnsMonitorProxy::uninit()
     280{
     281    m->monitor->shutdown();
     282    delete m;
     283    m = NULL;
     284}
    284285
    285286void HostDnsMonitorProxy::notify(const HostDnsInformation &info)

  • trunk/src/VBox/Main/src-server/HostDnsService.h

    r76562 r77506  
    5858  public:
    5959    static HostDnsMonitor *createHostDnsMonitor();
    60     static void shutdown();
     60    void shutdown();
    6161
    6262    /* @note: method will wait till client call
     
    9595    ~HostDnsMonitorProxy();
    9696    void init(VirtualBox *virtualbox);
     97    void uninit();
    9798    void notify(const HostDnsInformation &info);
    9899

  • trunk/src/VBox/Main/src-server/HostImpl.cpp

    r77436 r77506  
    498498        m->llNetIfs.pop_front();
    499499    }
     500
     501    m->hostDnsMonitorProxy.uninit();
    500502
    501503#ifdef VBOX_WITH_USB
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette