
[Cs-dev] A potential danger with csoundDestroy()

Date: 2013-05-14 15:30
From: Francois PINOT
Subject: [Cs-dev] A potential danger with csoundDestroy()
Attachments: None
Hello,

when csoundDestroy is called to destroy an instance of Csound, the memory used by the struct CSOUND_ pointed to by the CSOUND pointer is freed (line 1198 in csound.c).
But the pointer itself still points to this memory. If the operating system does not realloc this memory, there's a potential danger. You can see this by running the example below:

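#include <stdio.h>    /* printf */
#include <unistd.h>   /* sleep */
#include <csound/csound.h>

int main(int argc, char *argv[])
{
  CSOUND *csound = csoundCreate(NULL);
  printf("%d\n", (int)csoundGetSr(csound));
  csoundDestroy(csound);                     /* frees the struct; csound still holds the old address */
  sleep(10);
  printf("%d\n", (int)csoundGetKr(csound));  /* reads through the dangling pointer */
  return 0;
}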

Normally, the last statement should cause a segfault. On my system, it happily prints 4410 and then the program silently returns.

We could change the csoundDestroy signature to csoundDestroy(CSOUND **) so that the procedure can erase the CSOUND pointer when the memory is freed. But this would break backward compatibility. Another solution would be to have a self reference to the struct CSOUND_ at the end of the private data part of the structure. This self-reference would be initialized in csoundCreate and csoundDestroy could use it to erase the opaque pointer.

What do you think?

Francois
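
Added example, not part of the original post and not Csound code: the first proposal above (a destroy function that takes the address of the handle) applied to a toy opaque type. ENGINE, engine_create, engine_destroy and engine_get_kr are hypothetical names, and the 44100/4410 values are constructed.

```c
/* Toy opaque handle illustrating destroy(T **); not Csound's API. */
#include <stdio.h>
#include <stdlib.h>

typedef struct engine_ { int sr; int kr; } ENGINE;

ENGINE *engine_create(void)
{
    ENGINE *e = calloc(1, sizeof *e);
    if (e != NULL) { e->sr = 44100; e->kr = 4410; }  /* constructed values */
    return e;
}

/* Takes the address of the caller's handle so it can clear it after free(). */
void engine_destroy(ENGINE **handle)
{
    if (handle == NULL || *handle == NULL)
        return;              /* repeated destroy is a no-op, not a double free */
    free(*handle);
    *handle = NULL;
}

/* Accessor rejects a cleared handle instead of reading freed memory. */
int engine_get_kr(const ENGINE *e)
{
    return e != NULL ? e->kr : -1;
}

/* Returns 0 when the handle is cleared and later calls fail safely. */
int demo_cleared_handle(void)
{
    ENGINE *e = engine_create();
    if (e == NULL) return 1;
    if (engine_get_kr(e) != 4410) { engine_destroy(&e); return 2; }
    engine_destroy(&e);
    if (e != NULL) return 3;          /* handle must be NULL after destroy */
    engine_destroy(&e);               /* second call must be harmless */
    return engine_get_kr(e) == -1 ? 0 : 4;
}

int main(void)
{
    printf("demo_cleared_handle() = %d\n", demo_cleared_handle());
    return 0;
}
```

Only the variable whose address is passed is cleared; any other copy of the handle still dangles. AddressSanitizer (-fsanitize=address) reports reads through such stale copies as heap-use-after-free.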

Date: 2013-05-14 15:37
From: Michael Gogins
Subject: Re: [Cs-dev] A potential danger with csoundDestroy()
Attachments: None
I don't think there is a real problem here. This kind of insecurity comes with the territory in C libraries. The user can be warned about it in the documentation.

Regards,
Mike






--
Michael Gogins
Irreducible Productions
http://www.michael-gogins.com
Michael dot Gogins at gmail dot com

Date: 2013-05-14 15:46
From: Victor Lazzarini
Subject: Re: [Cs-dev] A potential danger with csoundDestroy()
Hi François,

can you submit a ticket on this? Then we can keep track of it and decide what to do (before the release).
This seems to be an issue that has been there since 2004-5, and we have not yet seen it as a cause of problems,
but let's review it.

Thanks.

Regards

Victor


Dr Victor Lazzarini
Senior Lecturer
Dept. of Music
NUI Maynooth Ireland
tel.: +353 1 708 3545
Victor dot Lazzarini AT nuim dot ie





Date: 2013-05-14 16:02
From: Francois PINOT
Subject: Re: [Cs-dev] A potential danger with csoundDestroy()
Attachments: None
Ticket submitted in Csound6

Francois




Date: 2013-05-14 16:08
From: Victor Lazzarini
Subject: Re: [Cs-dev] A potential danger with csoundDestroy()
Attachments: None
Thanks.