[Crash-utility] Error in unload_extension

Dave Anderson anderson at redhat.com
Mon Dec 17 16:15:34 UTC 2012



----- Original Message -----
> 
> I was running valgrind to check some of my own code and then stumbled
> upon the following:
> 
> In function unload_extension (extensions.c) last loop:
> 
> for (ext = extension_table, found = FALSE; ext; ext = ext->next) {
> 
> in the loop free(ext) is performed and then ext is accessed again in
> the loop control statement. Fix:
> 
> - either test for “!found && ext” in loop control or
> - break the loop if the free statement has executed.
>
> Note that there is also a risk that the loop continues (with current
> code), even if found becomes true, as ext->next is not changed.

Jan,

Thanks for catching that -- I'll just have it break the loop when found.

But given that the ext->next pointer is near the end of the structure,
it apparently remains unmodified by the free() bookkeeping, and the 
for loop just harmlessly continues with the ext->next setting since
it was not changed.  At least, in my testing it works regardless of whether
the removed entry is at the beginning, middle, or at the end of the list.

Queued for crash-6.1.2.

Thanks again,
  Dave 
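Added example, not code from the crash project or from either poster: a stand-in for the extension list with the loop fixed the way the reply says (break as soon as the matching entry is freed), next to the save-next idiom for the case where the walk has to continue past a freed entry. The struct layout and the names load_extension, free_extension, unload_all_extensions and extension_count are assumptions modelled on the quoted loop, not crash's own API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for crash's extension table; layout is assumed. */
struct extension_table {
    char *filename;
    struct extension_table *next;
    struct extension_table *prev;
};

static struct extension_table *extension_table = NULL;

/* Append an entry at the tail; returns it, or NULL on allocation failure. */
struct extension_table *load_extension(const char *filename)
{
    struct extension_table *ext = calloc(1, sizeof(*ext));
    if (!ext)
        return NULL;
    ext->filename = malloc(strlen(filename) + 1);
    if (!ext->filename) {
        free(ext);
        return NULL;
    }
    strcpy(ext->filename, filename);
    if (!extension_table) {
        extension_table = ext;
    } else {
        struct extension_table *tail = extension_table;
        while (tail->next)
            tail = tail->next;
        tail->next = ext;
        ext->prev = tail;
    }
    return ext;
}

/* Unlink ext (head, middle or tail) and release it; ext dangles afterwards. */
static void free_extension(struct extension_table *ext)
{
    if (ext->prev)
        ext->prev->next = ext->next;
    else
        extension_table = ext->next;
    if (ext->next)
        ext->next->prev = ext->prev;
    free(ext->filename);
    free(ext);
}

/*
 * The quoted loop advanced with "ext = ext->next" after free(ext): a read of
 * freed memory that valgrind flags, and the walk kept going because "found"
 * was not part of the loop condition.  Fixed form: leave the loop as soon as
 * the entry is gone.  Returns 1 if an entry named filename was removed.
 */
int unload_extension(const char *filename)
{
    struct extension_table *ext;
    int found = 0;

    for (ext = extension_table; ext; ext = ext->next) {
        if (strcmp(ext->filename, filename) != 0)
            continue;
        free_extension(ext);
        found = 1;
        break;      /* ext is freed; its next field must not be read */
    }
    return found;
}

/* When iteration must continue past freed entries, save next before freeing. */
int unload_all_extensions(void)
{
    struct extension_table *ext, *next;
    int removed = 0;

    for (ext = extension_table; ext; ext = next) {
        next = ext->next;   /* read while ext is still live */
        free_extension(ext);
        removed++;
    }
    return removed;
}

int extension_count(void)
{
    int n = 0;
    for (struct extension_table *ext = extension_table; ext; ext = ext->next)
        n++;
    return n;
}

int main(void)
{
    load_extension("a.so");
    load_extension("b.so");
    load_extension("c.so");
    int removed = unload_extension("b.so");
    printf("removed b.so: %d, entries left: %d\n", removed, extension_count());
    removed = unload_all_extensions();
    printf("removed all: %d, entries left: %d\n", removed, extension_count());
    return 0;
}
```

Whether the freed entry's next field still holds its old value after free() is up to the allocator's bookkeeping, which is why the original loop can appear to work in testing; running the program under valgrind with the break removed is the way to see the invalid read the thread describes.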