Fix memory corruption, use-after-free, and allocation bugs in set_value() and get_value() #52
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit addresses several critical bugs in fkvs core hashtable operations, significantly improving stability, correctness, and safety. ### Fixes in set_value(): - Prevent double-frees and incorrect cleanup paths by distinguishing properly between new and existing entries. - Ensure atomic updates: old values are no longer freed until the new value is fully allocated, preventing value loss on partial failures. - Correctly handle cleanup on any allocation failure without corrupting existing entries or leaving dangling bucket pointers. - Support zero-length values safely. - Remove invalid logic that attempted to detect “new entry” using the bucket head position, which caused corruption and crashes. ### Fixes in get_value(): - Allocate the correct size for value_entry_t instead of sizeof(pointer), which previously caused heap buffer overflows. - Deep-copy value bytes into a new buffer instead of returning internal value pointers. - Remove the use-after-free bug where out->ptr was freed before being returned to the caller. - Ensure the returned value is stable, private, and not tied to internal storage. - Add proper cleanup on allocation failures. Together these changes eliminate multiple memory leaks, double frees, dangling pointers, and use-after-free conditions. The hashtable read and write paths are now correct, atomic, and safe for production workloads.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes several severe memory-safety issues in our hash-table implementation.
Both set_value() and get_value() contained bugs capable of causing:
This PR rewrites the critical sections to ensure correctness, atomicity, and safe memory ownership.
Key Fixes
Improvements to set_value()
Improvements to get_value()
What is the outcome of this?
After this PR:
SET is memory-safe, atomic, and predictable.
GET returns stable, independent values.
No dangling pointers, no double frees, no overwriting internal state.
Instruments reports clean behavior for all tested GET/SET patterns.
Testing
Verified correct behavior on updates, overwrites, and missing keys
Next Steps (Optional Future PRs)