Skip to content

Comments

config: yaml: fix double-free from freeing state before cleanup on exit.#10199

Merged
edsiper merged 1 commit intomasterfrom
pwhelan-fix-cf-yaml-state-double-free
Apr 16, 2025
Merged

config: yaml: fix double-free from freeing state before cleanup on exit.#10199
edsiper merged 1 commit intomasterfrom
pwhelan-fix-cf-yaml-state-double-free

Conversation

@pwhelan
Copy link
Contributor

@pwhelan pwhelan commented Apr 10, 2025
edited
Loading

Summary

Fix double frees when an error occurs when parsing yaml configuration files, especially with missing include files.

Description

Remove calls to state_destroy on error when it will be cleaned up at the end of the function that parses the yaml configuration.

This fix is meant to address CVE-2025-29477. This is mostly to just encourage code cleanliness.

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
  • Debug log output from testing the change
  • Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

  • Run local packaging test showing all targets (including any new ones) build.
  • Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

  • Documentation required for this feature

Backporting

  • Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

@pwhelan
config: yaml: fix double-free from freeing state before cleanup on exit.
8bf8f2a 
remove calls to state_destroy on error when it will be cleaned up at the end
of the function that parses the yaml configuration.

Signed-off-by: Phillip Whelan <phillip.whelan@chronosphere.io>
@pwhelan
Copy link
Contributor Author

pwhelan commented Apr 10, 2025

I am attaching here a valgrind.log that also shows memory that main is not deallocating but which falls out of scope for this PR.

valgrind.log

@edsiper edsiper added this to the Fluent Bit v4.0.1 milestone Apr 16, 2025
@edsiper
Copy link
Member

edsiper commented Apr 16, 2025

thanks.

note that prefix must be: config_format: yaml: ...

@edsiper edsiper merged commit 7636151 into master Apr 16, 2025
58 checks passed
@edsiper edsiper deleted the pwhelan-fix-cf-yaml-state-double-free branch April 16, 2025 15:45
@BrewTestBot BrewTestBot mentioned this pull request Apr 24, 2025
Merged
nourdouf pushed a commit to seveas/fluent-bit that referenced this pull request Sep 23, 2025
@pwhelan @nourdouf
config_format: yaml: fix double-free from freeing state before cleanu…
ee6ba28 
…p on exit. (fluent#10199)

remove calls to state_destroy on error when it will be cleaned up at the end
of the function that parses the yaml configuration.

Signed-off-by: Phillip Whelan <phillip.whelan@chronosphere.io>
Copilot AI mentioned this pull request Oct 21, 2025
Closed
@lmarch2 lmarch2 mentioned this pull request Oct 21, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@leonardo-albertovich leonardo-albertovich Awaiting requested review from leonardo-albertovich

@fujimotos fujimotos Awaiting requested review from fujimotos

@koleini koleini Awaiting requested review from koleini

Assignees

No one assigned

Labels

docs-required

Projects

None yet

Milestone

Fluent Bit v4.0.1

Development

Successfully merging this pull request may close these issues.

2 participants

@pwhelan @edsiper