Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Fix use-after-free in FileWatching#59017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Keno merged 1 commit intomasterfromkf/filewatchingfix
Jul 17, 2025
Merged

Fix use-after-free in FileWatching#59017

Keno merged 1 commit intomasterfromkf/filewatchingfix
Jul 17, 2025

Conversation

Keno
Copy link
Member

We observe an abort on Windows on Revise master CI, where a free'd handle is passed to jl_close_uv. This PR appears to fix that issue, though I have yet to understand the full sequence of events that is causing this issue in order to know whether any further changes are required.

Copy link
Member

@vtjnashvtjnash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This already happens behind a lock, so changing it to an atomic seems like nonsense

@Keno
Copy link
MemberAuthor

That lock does not synchronize with the modification in_uv_hook_close as far as I can tell - but regardless it's not a threading thing, so I don't fully understand it yet, as I said in the PR description - it just happens to work.

@Keno
Copy link
MemberAuthor

Ok, the basic issue is that whenuv_fseventscb_file is called with an error, weuvfinalize explicitly, which disassociates the julia struct and frees schedules the handle for freeing (but due to an oversight does not set the handle to NULL). There's a lot of noise after that, with bothclose anduvfinalize called again, but that's the basic fix.

@Keno
Copy link
MemberAuthor

That lock does not synchronize with the modification in_uv_hook_close as far as I can tell

I guess that is always called from inside the uv loop and as long as we require always holdiolock_begin while inside uv_run we're guaranteed to be holding that lock here, so the operative part of this is actually settinghandle toC_NULL duringuvfinalize.

@KenoKeno added this to the1.12 milestoneJul 16, 2025
@KenoKeno added the backport 1.12Change should be backported to release-1.12 labelJul 16, 2025
@Keno

This comment was marked as outdated.

We observe an abort on Windows on Revise master CI, where a free'd handleis passed to jl_close_uv. This PR appears to fix that issue, though I haveyet to understand the full sequence of events that is causing this issuein order to know whether any further changes are required.
@Keno
Copy link
MemberAuthor

@vtjnash any more comments?

Copy link
Member

@vtjnashvtjnash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Nope, that explanation make more sense now. Did we make sure to setuv.handle to NULL in the otheruvfinalize?

@Keno
Copy link
MemberAuthor

Did we make sure to setuv.handle to NULL in the otheruvfinalize?

I did go through them and as far as I can tell this one was the only bad one.

@KenoKeno merged commitb45b429 intomasterJul 17, 2025
7 checks passed
@KenoKeno deleted the kf/filewatchingfix branchJuly 17, 2025 17:19
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@vtjnashvtjnashvtjnash approved these changes

Assignees
No one assigned
Labels
backport 1.12Change should be backported to release-1.12
Projects
None yet
Milestone
1.12
Development

Successfully merging this pull request may close these issues.

2 participants
@Keno@vtjnash
[8]ページ先頭
©2009-2025 Movatter.jp