View Issue Details

ID: 0005553
Project: unrealircd
Category:
View Status: public
Last Update: 2020-04-12 17:01
Reporter: syzop
Assigned To: syzop
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 5.0.3
Fixed in Version: 5.0.4
Summary: 0005553: Crash when unloading module with moddata
Description: It seems the server may crash when unloading a module with moddata if that module has an event added.
This is due to DoEvent -> e_unload_module_delayed -> which unloads the module and removes the event. However:
for (e = events; e; e = e_next)
{
        e_next = e->next;

and the next event may also be deleted, if it happened to belong to the module that just got unloaded.

Reported by PeGaSuS.
Tags: No tags attached.
3rd party modules:

Activities

syzop (administrator), 2020-04-12 16:59, note ~0021450

Should be fixed in https://github.com/unrealircd/unrealircd/commit/9887ef69555ba6b548de88583e10da78100ad00f
I was unable to easily reproduce the case myself (I always prefer reproducing it so I can see a clear 'before and after'-effect) but anyway.. it should be fixed now.

commit 9887ef69555ba6b548de88583e10da78100ad00f (HEAD -> unreal50, origin/unreal50)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Apr 12 16:52:43 2020 +0200

    Fix possible crash when unloading a module with moddata.
    This only happens in some circumstances.
    
    From now on EventDel() will simply mark the event as deleted.
    The actual freeing is started in DoEvents() after the event loop.
    This makes it safe to use EventDel() everywhere.
    
    The previous attempt to fix that issue was
    d29a55a8db57a14836fac8ab86bb2ebf1f6fcd7f but it introduced a
    new crash issue for a slightly different case, as mentioned in
    https://bugs.unrealircd.org/view.php?id=5553
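
The approach described in the commit message above (deleting an event only marks it, and the freeing happens after the event loop) is sketched below as an added example; it is not UnrealIRCd's code, every type and function name in it is hypothetical, and the scenario in main() is constructed. If event_del() freed the node immediately, the saved e_next pointer in the loop would dangle as soon as one callback removed its neighbour.

```c
/* Added illustration; every name is hypothetical, not UnrealIRCd's API. */
#include <stdlib.h>
typedef struct Event Event;
struct Event {
    Event *next;
    int owner;               /* id of the "module" that registered it */
    int deleted;             /* set by event_del(), freed by the sweep */
    void (*cb)(Event *);
};
static Event *events;        /* head of the singly linked event list */
static int calls;            /* callbacks actually executed */

Event *event_add(int owner, void (*cb)(Event *)) {
    Event *e = calloc(1, sizeof(*e));
    if (!e) abort();
    e->owner = owner; e->cb = cb;
    e->next = events; events = e;   /* prepend */
    return e;
}
/* Safe inside a callback: only marks, never unlinks or frees. */
void event_del(Event *e) { e->deleted = 1; }
/* Stands in for a module unload: drops every event of one owner. */
void unload_owner(int owner) {
    for (Event *e = events; e; e = e->next)
        if (e->owner == owner) event_del(e);
}
void cb_unload(Event *e) { calls++; unload_owner(e->owner); }
void cb_plain(Event *e)  { (void)e; calls++; }

/* Runs live events, then frees the marked ones once the loop is done. */
int do_events(void) {
    Event *e, *e_next, **link = &events;
    int live = 0;
    for (e = events; e; e = e_next) {
        e_next = e->next;    /* still valid: nothing is freed mid-loop */
        if (!e->deleted) e->cb(e);
    }
    while ((e = *link)) {
        if (e->deleted) { *link = e->next; free(e); }
        else { link = &e->next; live++; }
    }
    return live;
}
int main(void) {             /* constructed scenario */
    event_add(2, cb_plain);
    event_add(1, cb_plain);
    event_add(1, cb_unload); /* runs first and unloads owner 1 */
    return (do_events() == 1 && calls == 2) ? 0 : 1;
}
```

Building it with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm that the loop never touches freed memory.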

Issue History

Date Modified Username Field Change
2020-02-10 19:01 syzop New Issue
2020-02-10 19:01 syzop Assigned To => syzop
2020-02-10 19:01 syzop Status new => confirmed
2020-02-16 18:02 syzop Severity minor => crash
2020-04-12 16:59 syzop Status confirmed => resolved
2020-04-12 16:59 syzop Resolution open => fixed
2020-04-12 16:59 syzop Fixed in Version => 5.0.4
2020-04-12 16:59 syzop Note Added: 0021450