this should rather be an assert in the body of the if.

self->proto should never be a NULL in this case (we had a bug in this path a while back in case of threaded(no)), and I reviewed that we have it covered. The bug at that time was caused by use-after-free.

So, I would rather get an abort in case self->proto is NULL here.

We concluded that self->proto being NULL here is allowed, as a pending_close can NULL it out a few lines above.

This was a rather naive approach, I blindly copied what I had found in LogWriter, thanks for catching it!

I do remember now, yes, self->proto can be NULL here.

I don't see how this could occur. self->connection is initialized in the constructor by taking a ref from a constructor argument. The only call-site that calls control_command_thread_new() is control-connection which passes "self" to that argument.

I wouldn't want to spray unneeded asserts everywhere. If we want to add this anywhere, it should be in the constructor I think, but I don't think there's too much pressure doing it even there.

Indeed, it was a false positive, thanks once again for the catch!

this doubles the number of allocations as it will allocate both the GString struct and its "str" member. The aim was to optimize away this case.

A better alternative would be to use scratch-buffers for this purpose, or maybe wrap this ugly trick into a nicer looking function (aka g_string_steal).

Also, this seems to be a use-after-free, you are freeing self->line_buffer and then calling g_string_set_size() on it.

I gave it a second thought and refactored the function to take a ownership_transferred boolean which decides whether the old buffer should be freed or not. I think it helps with readability as the freeing would happen inside the function instead of the call side.

I am more than happy to revert it, because it does not contribute much to the spirit of the PR either.

I think removing this would cause a leak through the circular reference through the AFFileDestWriter->owner member.

I agree, affile_dw_set_owner() is necessary here, but its implementation needs to be fixed in order not to dereference NULL pointers. This is a real issue, we've reproduced the crash.

affile_dw_unset_owner() would be even cleaner.

Thanks once again, affile_dw_set_owner got fixed, it should take care of the possible NULL owner now.

This does not look like an equivalent transformation to me.
What's the idea behind this patch?

The idea was that the freeing was outside the other buffer manipulations and I wanted them to be close to each other (on the call site -> inside the function).

The consumed boolean is responsible for deciding whether a specific buffer has been passed yet or not. If it has been passed, then it should not be freed, because the reference is needed (there is something that refers to it).
If it has not been passed (nothing else refers to it), then the old buffer must be freed.

Basically I moved the g_free call into the function body.

This does not fix the NULL pointer deref issue as log_pipe_get_config dereferences owner.

You are right, I messed it up during the rebase 🤦 .

Probably we should do something with self->super.expr_node too.

Upon a closer look it seems that the expr_node setting is done without freeing the old one in other places as well.

Should I fix it in this PR or in a separate one?