Fix undefined behavior defined by ASAN (valkey-io#1451)

madolson · zuiderkwast · kronwerk · commit cbe08dd0f29a · 2025-01-27T18:35:44.000+03:00
Asan now supports making sure you are passing in the correct pointer
type, which seems useful but we can't support it since we pass in an
incorrect pointer in several places. This is most commonly done with
generic free functions, where we simply cast it to the correct type.

It's not a lot of code to clean up, so it seems appropriate to cleanup
instead of disabling the check.

---------

Signed-off-by: Madelyn Olson &lt;madelyneolson@gmail.com&gt;
Co-authored-by: Viktor Söderqvist &lt;viktor.soderqvist@est.tech&gt;
diff --git a/src/acl.c b/src/acl.c
@@ -297,11 +297,6 @@ int ACLListMatchSds(void *a, void *b) {
     return sdscmp(a, b) == 0;
 }
 
-/* Method to free list elements from ACL users password/patterns lists. */
-void ACLListFreeSds(void *item) {
-    sdsfree(item);
-}
-
 /* Method to duplicate list elements from ACL users password/patterns lists. */
 void *ACLListDupSds(void *item) {
     return sdsdup(item);
@@ -374,7 +369,7 @@ aclSelector *ACLCreateSelector(int flags) {
     listSetFreeMethod(selector->patterns, ACLListFreeKeyPattern);
     listSetDupMethod(selector->patterns, ACLListDupKeyPattern);
     listSetMatchMethod(selector->channels, ACLListMatchSds);
-    listSetFreeMethod(selector->channels, ACLListFreeSds);
+    listSetFreeMethod(selector->channels, sdsfreeVoid);
     listSetDupMethod(selector->channels, ACLListDupSds);
     memset(selector->allowed_commands, 0, sizeof(selector->allowed_commands));
 
@@ -445,7 +440,7 @@ user *ACLCreateUser(const char *name, size_t namelen) {
     u->passwords = listCreate();
     u->acl_string = NULL;
     listSetMatchMethod(u->passwords, ACLListMatchSds);
-    listSetFreeMethod(u->passwords, ACLListFreeSds);
+    listSetFreeMethod(u->passwords, sdsfreeVoid);
     listSetDupMethod(u->passwords, ACLListDupSds);
 
     u->selectors = listCreate();
@@ -489,6 +484,11 @@ void ACLFreeUser(user *u) {
     zfree(u);
 }
 
+/* Used for generic free functions. */
+static void ACLFreeUserVoid(void *u) {
+    ACLFreeUser(u);
+}
+
 /* When a user is deleted we need to cycle the active
  * connections in order to kill all the pending ones that
  * are authenticated with such user. */
@@ -2445,12 +2445,12 @@ sds ACLLoadFromFile(const char *filename) {
             c->user = new_user;
         }
 
-        if (user_channels) raxFreeWithCallback(user_channels, (void (*)(void *))listRelease);
-        raxFreeWithCallback(old_users, (void (*)(void *))ACLFreeUser);
+        if (user_channels) raxFreeWithCallback(user_channels, listReleaseVoid);
+        raxFreeWithCallback(old_users, ACLFreeUserVoid);
         sdsfree(errors);
         return NULL;
     } else {
-        raxFreeWithCallback(Users, (void (*)(void *))ACLFreeUser);
+        raxFreeWithCallback(Users, ACLFreeUserVoid);
         Users = old_users;
         errors =
             sdscat(errors, "WARNING: ACL errors detected, no change to the previously active ACL rules was performed");
diff --git a/src/adlist.c b/src/adlist.c
@@ -77,6 +77,12 @@ void listRelease(list *list) {
     zfree(list);
 }
 
+/* Just like listRelease, but takes the list as a (void *).
+ * Useful as generic free callback. */
+void listReleaseVoid(void *l) {
+    listRelease((list *)l);
+}
+
 /* Add a new node to the list, to head, containing the specified 'value'
  * pointer as value.
  *
diff --git a/src/adlist.h b/src/adlist.h
@@ -72,6 +72,7 @@ typedef struct list {
 /* Prototypes */
 list *listCreate(void);
 void listRelease(list *list);
+void listReleaseVoid(void *list);
 void listEmpty(list *list);
 list *listAddNodeHead(list *list, void *value);
 list *listAddNodeTail(list *list, void *value);
diff --git a/src/call_reply.c b/src/call_reply.c
@@ -559,7 +559,7 @@ CallReply *callReplyCreateError(sds reply, void *private_data) {
         sdsfree(reply);
     }
     list *deferred_error_list = listCreate();
-    listSetFreeMethod(deferred_error_list, (void (*)(void *))sdsfree);
+    listSetFreeMethod(deferred_error_list, sdsfreeVoid);
     listAddNodeTail(deferred_error_list, sdsnew(err_buff));
     return callReplyCreate(err_buff, deferred_error_list, private_data);
 }
diff --git a/src/db.c b/src/db.c
@@ -1193,7 +1193,7 @@ void scanGenericCommand(client *c, robj *o, unsigned long long cursor) {
      * are deep copied temporary strings. We must not free them if they are just
      * a shallow copy - a pointer to the actual data in the data structure */
     if (!shallow_copied_list_items) {
-        listSetFreeMethod(keys, (void (*)(void *))sdsfree);
+        listSetFreeMethod(keys, sdsfreeVoid);
     }
 
     /* For main hash table scan or scannable data structure. */
diff --git a/src/defrag.c b/src/defrag.c
@@ -421,7 +421,7 @@ static void activeDefragQuickListNodes(quicklist *ql) {
 static void defragLater(robj *obj) {
     if (!defrag_later) {
         defrag_later = listCreate();
-        listSetFreeMethod(defrag_later, (void (*)(void *))sdsfree);
+        listSetFreeMethod(defrag_later, sdsfreeVoid);
         defrag_later_cursor = 0;
     }
     sds key = sdsdup(objectGetKey(obj));
diff --git a/src/eval.c b/src/eval.c
@@ -204,7 +204,7 @@ void scriptingInit(int setup) {
      * and we need to free them respectively. */
     lctx.lua_scripts = dictCreate(&shaScriptObjectDictType);
     lctx.lua_scripts_lru_list = listCreate();
-    listSetFreeMethod(lctx.lua_scripts_lru_list, (void (*)(void *))sdsfree);
+    listSetFreeMethod(lctx.lua_scripts_lru_list, sdsfreeVoid);
     lctx.lua_scripts_mem = 0;
 
     luaRegisterServerAPI(lua);
@@ -777,7 +777,7 @@ void ldbInit(void) {
     ldb.conn = NULL;
     ldb.active = 0;
     ldb.logs = listCreate();
-    listSetFreeMethod(ldb.logs, (void (*)(void *))sdsfree);
+    listSetFreeMethod(ldb.logs, sdsfreeVoid);
     ldb.children = listCreate();
     ldb.src = NULL;
     ldb.lines = 0;
diff --git a/src/functions.c b/src/functions.c
@@ -348,7 +348,7 @@ libraryJoin(functionsLibCtx *functions_lib_ctx_dst, functionsLibCtx *functions_l
             } else {
                 if (!old_libraries_list) {
                     old_libraries_list = listCreate();
-                    listSetFreeMethod(old_libraries_list, (void (*)(void *))engineLibraryFree);
+                    listSetFreeMethod(old_libraries_list, engineLibraryDispose);
                 }
                 libraryUnlink(functions_lib_ctx_dst, old_li);
                 listAddNodeTail(old_libraries_list, old_li);
diff --git a/src/listpack.c b/src/listpack.c
@@ -250,6 +250,12 @@ void lpFree(unsigned char *lp) {
     lp_free(lp);
 }
 
+/* Same as lpFree, but useful for when you are passing the listpack
+ * into a generic free function that expects (void *) */
+void lpFreeVoid(void *lp) {
+    lp_free((unsigned char *)lp);
+}
+
 /* Shrink the memory to fit. */
 unsigned char *lpShrinkToFit(unsigned char *lp) {
     size_t size = lpGetTotalBytes(lp);
diff --git a/src/listpack.h b/src/listpack.h
@@ -56,6 +56,7 @@ typedef struct {
 
 unsigned char *lpNew(size_t capacity);
 void lpFree(unsigned char *lp);
+void lpFreeVoid(void *lp);
 unsigned char *lpShrinkToFit(unsigned char *lp);
 unsigned char *
 lpInsertString(unsigned char *lp, unsigned char *s, uint32_t slen, unsigned char *p, int where, unsigned char **newp);
diff --git a/src/module.c b/src/module.c
@@ -10399,7 +10399,7 @@ ValkeyModuleServerInfoData *VM_GetServerInfo(ValkeyModuleCtx *ctx, const char *s
  * context instead of passing NULL. */
 void VM_FreeServerInfo(ValkeyModuleCtx *ctx, ValkeyModuleServerInfoData *data) {
     if (ctx != NULL) autoMemoryFreed(ctx, VALKEYMODULE_AM_INFO, data);
-    raxFreeWithCallback(data->rax, (void (*)(void *))sdsfree);
+    raxFreeWithCallback(data->rax, sdsfreeVoid);
     zfree(data);
 }
 
diff --git a/src/networking.c b/src/networking.c
@@ -556,7 +556,7 @@ void afterErrorReply(client *c, const char *s, size_t len, int flags) {
     if (c->flag.module) {
         if (!c->deferred_reply_errors) {
             c->deferred_reply_errors = listCreate();
-            listSetFreeMethod(c->deferred_reply_errors, (void (*)(void *))sdsfree);
+            listSetFreeMethod(c->deferred_reply_errors, sdsfreeVoid);
         }
         listAddNodeTail(c->deferred_reply_errors, sdsnewlen(s, len));
         return;
diff --git a/src/replication.c b/src/replication.c
@@ -282,7 +282,7 @@ void removeReplicaFromPsyncWait(client *replica_main_client) {
 void resetReplicationBuffer(void) {
     server.repl_buffer_mem = 0;
     server.repl_buffer_blocks = listCreate();
-    listSetFreeMethod(server.repl_buffer_blocks, (void (*)(void *))zfree);
+    listSetFreeMethod(server.repl_buffer_blocks, zfree);
 }
 
 int canFeedReplicaReplBuffer(client *replica) {
diff --git a/src/t_stream.c b/src/t_stream.c
@@ -54,6 +54,7 @@
 #define STREAM_LISTPACK_MAX_SIZE (1 << 30)
 
 void streamFreeCG(streamCG *cg);
+void streamFreeCGVoid(void *cg);
 void streamFreeNACK(streamNACK *na);
 size_t streamReplyWithRangeFromConsumerPEL(client *c,
                                            stream *s,
@@ -86,8 +87,8 @@ stream *streamNew(void) {
 
 /* Free a stream, including the listpacks stored inside the radix tree. */
 void freeStream(stream *s) {
-    raxFreeWithCallback(s->rax, (void (*)(void *))lpFree);
-    if (s->cgroups) raxFreeWithCallback(s->cgroups, (void (*)(void *))streamFreeCG);
+    raxFreeWithCallback(s->rax, lpFreeVoid);
+    if (s->cgroups) raxFreeWithCallback(s->cgroups, streamFreeCGVoid);
     zfree(s);
 }
 
@@ -2454,6 +2455,11 @@ void streamFreeConsumer(streamConsumer *sc) {
     zfree(sc);
 }
 
+/* Used for generic free functions. */
+static void streamFreeConsumerVoid(void *sc) {
+    streamFreeConsumer((streamConsumer *)sc);
+}
+
 /* Create a new consumer group in the context of the stream 's', having the
  * specified name, last server ID and reads counter. If a consumer group with
  * the same name already exists NULL is returned, otherwise the pointer to the
@@ -2473,11 +2479,16 @@ streamCG *streamCreateCG(stream *s, char *name, size_t namelen, streamID *id, lo
 
 /* Free a consumer group and all its associated data. */
 void streamFreeCG(streamCG *cg) {
-    raxFreeWithCallback(cg->pel, (void (*)(void *))streamFreeNACK);
-    raxFreeWithCallback(cg->consumers, (void (*)(void *))streamFreeConsumer);
+    raxFreeWithCallback(cg->pel, zfree);
+    raxFreeWithCallback(cg->consumers, streamFreeConsumerVoid);
     zfree(cg);
 }
 
+/* Used for generic free functions. */
+void streamFreeCGVoid(void *cg) {
+    streamFreeCG((streamCG *)cg);
+}
+
 /* Lookup the consumer group in the specified stream and returns its
  * pointer, otherwise if there is no such group, NULL is returned. */
 streamCG *streamLookupCG(stream *s, sds groupname) {
diff --git a/src/unit/test_listpack.c b/src/unit/test_listpack.c
@@ -1184,7 +1184,7 @@ int test_listpackStressWithRandom(int argc, char **argv, int flags) {
     for (i = 0; i < iteration; i++) {
         lp = lpNew(0);
         ref = listCreate();
-        listSetFreeMethod(ref, (void (*)(void *))sdsfree);
+        listSetFreeMethod(ref, sdsfreeVoid);
         len = rand() % 256;
 
         /* Create lists */
diff --git a/src/unit/test_ziplist.c b/src/unit/test_ziplist.c
@@ -645,7 +645,7 @@ int test_ziplistStressWithRandomPayloadsOfDifferentEncoding(int argc, char **arg
     for (i = 0; i < iteration; i++) {
         zl = ziplistNew();
         ref = listCreate();
-        listSetFreeMethod(ref, (void (*)(void *))sdsfree);
+        listSetFreeMethod(ref, sdsfreeVoid);
         len = rand() % 256;
 
         /* Create lists */

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,12 @@ void listRelease(list *list) {`
`77`	`77`	`zfree(list);`
`78`	`78`	`}`
`79`	`79`
	`80`	`+/* Just like listRelease, but takes the list as a (void *).`
	`81`	`+ * Useful as generic free callback. */`
	`82`	`+void listReleaseVoid(void *l) {`
	`83`	`+ listRelease((list *)l);`
	`84`	`+}`
	`85`	`+`
`80`	`86`	`/* Add a new node to the list, to head, containing the specified 'value'`
`81`	`87`	`* pointer as value.`
`82`	`88`	`*`
Original file line number	Diff line number	Diff line change
`@@ -559,7 +559,7 @@ CallReply callReplyCreateError(sds reply, void private_data) {`
`559`	`559`	`sdsfree(reply);`
`560`	`560`	`}`
`561`	`561`	`list *deferred_error_list = listCreate();`
`562`		`- listSetFreeMethod(deferred_error_list, (void ()(void ))sdsfree);`
	`562`	`+ listSetFreeMethod(deferred_error_list, sdsfreeVoid);`
`563`	`563`	`listAddNodeTail(deferred_error_list, sdsnew(err_buff));`
`564`	`564`	`return callReplyCreate(err_buff, deferred_error_list, private_data);`
`565`	`565`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1193,7 +1193,7 @@ void scanGenericCommand(client c, robj o, unsigned long long cursor) {`
`1193`	`1193`	`* are deep copied temporary strings. We must not free them if they are just`
`1194`	`1194`	`* a shallow copy - a pointer to the actual data in the data structure */`
`1195`	`1195`	`if (!shallow_copied_list_items) {`
`1196`		`- listSetFreeMethod(keys, (void ()(void ))sdsfree);`
	`1196`	`+ listSetFreeMethod(keys, sdsfreeVoid);`
`1197`	`1197`	`}`
`1198`	`1198`
`1199`	`1199`	`/* For main hash table scan or scannable data structure. */`
Original file line number	Diff line number	Diff line change
`@@ -421,7 +421,7 @@ static void activeDefragQuickListNodes(quicklist *ql) {`
`421`	`421`	`static void defragLater(robj *obj) {`
`422`	`422`	`if (!defrag_later) {`
`423`	`423`	`defrag_later = listCreate();`
`424`		`- listSetFreeMethod(defrag_later, (void ()(void ))sdsfree);`
	`424`	`+ listSetFreeMethod(defrag_later, sdsfreeVoid);`
`425`	`425`	`defrag_later_cursor = 0;`
`426`	`426`	`}`
`427`	`427`	`sds key = sdsdup(objectGetKey(obj));`
Original file line number	Diff line number	Diff line change
`@@ -348,7 +348,7 @@ libraryJoin(functionsLibCtx functions_lib_ctx_dst, functionsLibCtx functions_l`
`348`	`348`	`} else {`
`349`	`349`	`if (!old_libraries_list) {`
`350`	`350`	`old_libraries_list = listCreate();`
`351`		`- listSetFreeMethod(old_libraries_list, (void ()(void ))engineLibraryFree);`
	`351`	`+ listSetFreeMethod(old_libraries_list, engineLibraryDispose);`
`352`	`352`	`}`
`353`	`353`	`libraryUnlink(functions_lib_ctx_dst, old_li);`
`354`	`354`	`listAddNodeTail(old_libraries_list, old_li);`