[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Match files bug

From: John Darrington
Subject: Match files bug
Date: Wed, 15 Feb 2006 20:11:01 +0800
User-agent: Mutt/1.5.4i

On Mon, Feb 13, 2006 at 06:31:53AM -0800, Ben Pfaff wrote:
     John Darrington <address@hidden> writes:
     > tests/command/ is crashing sometimes with a "double free
     > or delete" error, but this behaviour is intermittent, and I can't get
     > it to do this on demand. 
     I noticed the same thing.  It is surprising and embarrassing.  I
     will investigate when I get a chance.
I think the bug is in this function:

static bool
mtf_free (struct mtf_proc *mtf)
  struct mtf_file *iter, *next;
  bool ok = true;

  for (iter = mtf->head; iter; iter = next)
      next = iter->next;
      if (!mtf_close_file (iter))
        ok = false;

  if (mtf->dict)
    dict_destroy (mtf->dict);
  case_destroy (&mtf->mtf_case);
  free (mtf->seq_nums);

  return ok;

The problem is, that one of the linked list elements may have a dict
member that is equal to mtf->dict.  In which case it gets destroyed
twice -- once in the for loop and once in the explicit call to
dict_destroy that comes after the loop.

For that matter, is there anything preventing two or more members of
the linked list from sharing the same dict member ?


PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See or any PGP keyserver for public key.

Attachment: pgpXCjJxKWYYv.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]