[patch] null after free

John (J5) Palmieri johnp at redhat.com
Mon Oct 4 14:27:28 UTC 2004


On Sat, 2004-10-02 at 18:59 -0400, Havoc Pennington wrote:
> On Fri, 2004-10-01 at 16:42 -0400, John (J5) Palmieri wrote:
> > An unfortunate breakage in glibc's getgrouplist function led me to this
> > bug in a rarely used error code path.  Basically on errors in the
> > fill_user_info function there is a double free of the info structure.  I
> > have a quick fix which nulls out the structure after the free.  This
> > ensures that double frees don't crash dbus.  This however is a bandaid
> > and we need to look at why the double free is happening and to determine
> > which of the frees is the correct one. 
> > 
> > The glibc guys took care of the glib bug so no worries there.
> > 
> 
> OK, we should really figure out the real bug instead of applying the
> bandaid - valgrind should spell it out for you, I would think, if you
> can reproduce.
> 
> Havoc

I know where it is happening.  I just wasn't sure if it was happening in
other places and didn't have time to fix it properly.  I thought I would
get the bandaid out first and report the error while I was tracking down
the glibc bug.  What I will do, now that I have time, is put asserts in
the user_info_free function and fix the double frees properly where I
can find them.  

-- 
John (J5) Palmieri
Associate Software Engineer
Desktop Group
Red Hat, Inc.
Blog: http://martianrock.com
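
The pattern discussed in this thread, as an added example that is not part of the original messages and is not dbus code: a free function that NULLs its pointers (the band-aid) and counts repeat calls at the point where an assert would go, next to a caller that frees only on the path where it owns the data. The function names follow the thread, but the `UserInfo` layout, every function body, the `released` marker, and the `fail_groups` switch that simulates a failed group lookup are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the thread's info structure; not dbus code. */
typedef struct {
    char *username;
    int  *group_ids;
    int   released;            /* debug marker set by user_info_free() */
} UserInfo;
static int repeat_frees = 0;   /* counts calls on an already released struct */

/* Free the contents, then NULL each pointer so a repeated call is harmless. */
static void user_info_free(UserInfo *info) {
    if (info->released)
        repeat_frees++;        /* a debug build would assert(!info->released) */
    free(info->username);  info->username = NULL;
    free(info->group_ids); info->group_ids = NULL;
    info->released = 1;
}

/* Simulated lookup: on error it releases what it allocated and returns 0. */
static int fill_user_info(UserInfo *info, int fail_groups) {
    memset(info, 0, sizeof *info);
    info->username = malloc(5);
    if (info->username == NULL) return 0;
    memcpy(info->username, "user", 5);
    info->group_ids = fail_groups ? NULL : calloc(4, sizeof(int));
    if (info->group_ids == NULL) { user_info_free(info); return 0; }
    return 1;
}

/* Band-aid caller: frees again after a failure; safe only because of the NULLs. */
static int lookup_bandaid(int fail_groups) {
    UserInfo info;
    int ok = fill_user_info(&info, fail_groups);
    user_info_free(&info);     /* second free on the error path */
    return ok;
}

/* Single owner per path: the caller frees only what a success handed it. */
static int lookup_fixed(int fail_groups) {
    UserInfo info;
    if (!fill_user_info(&info, fail_groups)) return 0;
    user_info_free(&info);
    return 1;
}
int main(void) {
    lookup_bandaid(1); lookup_fixed(1);
    return repeat_frees == 1 ? 0 : 1;   /* only the band-aid caller repeats */
}
```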


