[bug #25915] Segfault in -[NSNotificationQueue dealloc]
From: Larry Campbell
Subject: [bug #25915] Segfault in -[NSNotificationQueue dealloc]
Date: Wed, 18 Mar 2009 14:56:08 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
URL:
<http://savannah.gnu.org/bugs/?25915>
Summary: Segfault in -[NSNotificationQueue dealloc]
Project: GNUstep
Submitted by: lcampbel
Submitted on: Wed 18 Mar 2009 02:56:06 PM GMT
Category: Base/Foundation
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
-[NSNotificationQueue dealloc] traverses a linked list of
NSNotificationQueueRegistration objects, deleting each object from the queue,
but makes the classic mistake of dereferencing the link to the next object
_after_ the object has been freed.
Here's the fix:
--- NSNotificationQueue.m.orig 2008-06-09 00:05:01.000000000 -0400
+++ NSNotificationQueue.m 2009-03-18 10:51:55.000000000 -0400
@@ -353,6 +353,7 @@
- (void) dealloc
{
NSNotificationQueueRegistration *item;
+ NSNotificationQueueRegistration *prev;
/*
* remove from class instances list
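Review bot: The new `prev` local is declared at function scope with no initializer and is shared by both loops in the next hunk. That is safe only because each loop body assigns it before the loop header reads it; initializing it to 0 at the declaration would keep a later edit that reorders the loop body from reading an indeterminate pointer.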
@@ -362,14 +363,16 @@
/*
* release self from queues
*/
- for (item = _asapQueue->head; item; item=item->prev)
+ for (item = _asapQueue->head; item; item=prev)
{
+ prev = item->prev;
remove_from_queue(_asapQueue, item, _zone);
}
NSZoneFree(_zone, _asapQueue);
- for (item = _idleQueue->head; item; item=item->prev)
+ for (item = _idleQueue->head; item; item=prev)
{
+ prev = item->prev;
remove_from_queue(_idleQueue, item, _zone);
}
NSZoneFree(_zone, _idleQueue);
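Review bot: In both loops, `prev = item->prev;` carries no comment saying why the link has to be read before `remove_from_queue()` is called. Since that call is what frees `item`, according to the report, a short comment on that line (for example `/* save link first: item is freed by remove_from_queue() */`) would stop a later cleanup from folding the read back into the `for` header and reintroducing the use-after-free. The same save-then-remove body is duplicated for `_asapQueue` and `_idleQueue`; a small static helper taking the queue and the zone would keep the two from drifting apart. Both loops also read `->head` without checking the queue pointer, so the code relies on both queues having been allocated before `-dealloc` runs, which these lines do not show.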
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?25915>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/