From b3c691e92038ea369dea41d80b51d001a5eddaa2 Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Thu, 1 Dec 2016 09:29:17 -0800 Subject: [PATCH] Prevent rule_result from leaking on error. Change falco_engine::process_event to return a unique_ptr that wraps the rule result, so it won't be leaked if this method throws an exception. This means that callers don't need to create their own. --- userspace/engine/falco_engine.cpp | 8 ++++---- userspace/engine/falco_engine.h | 2 +- userspace/falco/falco.cpp | 3 +-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index 4fabf681..3155b7a7 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -110,20 +110,20 @@ void falco_engine::enable_rule(string &pattern, bool enabled) m_evttype_filter.enable(pattern, enabled); } -falco_engine::rule_result *falco_engine::process_event(sinsp_evt *ev) +unique_ptr falco_engine::process_event(sinsp_evt *ev) { if(should_drop_evt()) { - return NULL; + return unique_ptr(); } if(!m_evttype_filter.run(ev)) { - return NULL; + return unique_ptr(); } - struct rule_result *res = new rule_result(); + unique_ptr res(new rule_result()); lua_getglobal(m_ls, lua_on_event.c_str()); diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index 5820c570..c540429e 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -63,7 +63,7 @@ public: // the rule that matched. If no rule matched, returns NULL. // // the reutrned rule_result is allocated and must be delete()d. - rule_result *process_event(sinsp_evt *ev); + std::unique_ptr process_event(sinsp_evt *ev); // // Print details on the given rule. If rule is NULL, print diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index eee175e9..e15bf2b2 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -171,11 +171,10 @@ uint64_t do_inspect(falco_engine *engine, // engine, which will match the event against the set // of rules. If a match is found, pass the event to // the outputs. - falco_engine::rule_result *res = engine->process_event(ev); + unique_ptr res = engine->process_event(ev); if(res) { outputs->handle_event(res->evt, res->rule, res->priority, res->format); - delete(res); } num_evts++;