[patch] null after free
John (J5) Palmieri
johnp at redhat.com
Mon Oct 4 14:27:28 UTC 2004
On Sat, 2004-10-02 at 18:59 -0400, Havoc Pennington wrote:
> On Fri, 2004-10-01 at 16:42 -0400, John (J5) Palmieri wrote:
> > An unfortunate breakage in glibc's getgrouplist function led me to this
> > bug in a rarely used error code path. Basically on errors in the
> > fill_user_info function there is a double free of the info structure. I
> > have a quick fix which nulls out the structure after the free. This
> > ensures that double frees don't crash dbus. This however is a bandaid
> > and we need to look at why the double free is happening and to determine
> > which of the frees is the correct one.
> >
> > The glibc guys took care of the glib bug so no worries there.
> >
>
> OK, we should really figure out the real bug instead of applying the
> bandaid - valgrind should spell it out for you, I would think, if you
> can reproduce.
>
> Havoc
I know where it is happening. I just wasn't sure if it was happening in
other places and didn't have time to fix it properly. I thought I would
get the bandaid out first and report the error while I was tracking down
the glibc bug. What I will do, now that I have time, is put asserts in
the user_info_free function and fix the double frees properly where I
can find them.
--
John (J5) Palmieri
Associate Software Engineer
Desktop Group
Red Hat, Inc.
Blog: http://martianrock.com
More information about the dbus
mailing list