fix(tracing): use-after-realloc in ddtrace_format_tracestate#3874
Conversation
Benchmarks [ tracer ]Benchmark execution time: 2026-05-12 16:37:41 Comparing candidate commit f880f75 in PR branch Found 1 performance improvements and 5 performance regressions! Performance is the same for 188 metrics, 0 unstable metrics. scenario:EmptyFileBench/benchEmptyFileBaseline
scenario:EmptyFileBench/benchEmptyFileBaseline-opcache
scenario:PHPRedisBench/benchRedisOverhead-opcache
scenario:SamplingRuleMatchingBench/benchRegexMatching1
scenario:SamplingRuleMatchingBench/benchRegexMatching2
scenario:SamplingRuleMatchingBench/benchRegexMatching3
|
🎉 All green!❄️ No new flaky tests detected 🎯 Code Coverage (details) 🔗 Commit SHA: f880f75 | Docs | Datadog PR Page | Give us feedback! |
bwoebi
left a comment
There was a problem hiding this comment.
The extra { indent level is odd, but logic is right.
|
The extra block scope is to ensure that the temporaries are not used later on, because the whole issue with the bug is the pointer being used after it has been invalidated, so we didn't want their scope to live any longer than necessary. |
PROF-14628
Description
There is a logic error in
ddtrace_format_tracestatethat can theoretically result in a stale pointer read caused by a realloc.I found this by investigating a customer crash which has
smart_str_appendin the stack. I am not sure it is this one.Reviewer checklist