cmetrics icon indicating copy to clipboard operation
cmetrics copied to clipboard
verified publisher icon fluent

decode: prometheus: fix to avoid freeing non-malloced data

Open DavidKorczynski opened this issue 2 years ago • 3 comments

The fuzzer in https://github.com/fluent/fluent-bit/pull/7745 found a bug that shows the prometheus decoder is sometimes freeing data that is not malloced. This is an attempt to fix that.

Please do verify this -- the fuzzer no longer finds the issue here and the bug is obvious, however, for coming up with a fix I found the code a bit tricky to validate as I'm not deeply familiar with this decoder.

DavidKorczynski avatar Jul 24 '23 17:07 DavidKorczynski

ping @DavidKorczynski on changes requested

edsiper avatar Feb 23 '24 18:02 edsiper

I think the issue highlighted by this PR may need a more substantial fix. There is mixing of dynamically allocated memory and non-dynamically allocated memory, and in order to achieve consistency there is some rewriting needed (not just fixing). I think the owner/maintainer of the code should address the issues -- @tarruda can you assist here?

DavidKorczynski avatar Feb 27 '24 14:02 DavidKorczynski

@tarruda it seems this needs a more elaborated solution. would you please take a look at it ? (cc: @niedbalski for visibility)

edsiper avatar Mar 07 '24 14:03 edsiper