Message ID | 20140708120846.GH609@spoyarek.pnq.redhat.com |
---|---|
State | New |
Headers | show |
Siddhesh Poyarekar <siddhesh@redhat.com> writes: > The test case bug-ga2 crashes when the system it is running on has no > ipv6 address configured. This is because we point the cache (that is > freed on exit) to a static variable if there is no ipv6 address, which > later results in freeing an invalid pointer. Why is this not working? .usecnt = 1, /* Make sure we never try to delete this entry. */ Andreas.
On Tue, Jul 08, 2014 at 02:16:30PM +0200, Andreas Schwab wrote: > Siddhesh Poyarekar <siddhesh@redhat.com> writes: > > > The test case bug-ga2 crashes when the system it is running on has no > > ipv6 address configured. This is because we point the cache (that is > > freed on exit) to a static variable if there is no ipv6 address, which > > later results in freeing an invalid pointer. > > Why is this not working? > > .usecnt = 1, /* Make sure we never try to delete this entry. */ > Because it uses free() instead of __free_in6ai. my patch has a leak anyway, so it is wrong. I'll write another fix for it. Siddhesh
diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c index 1bc1def..063e15f 100644 --- a/sysdeps/unix/sysv/linux/check_pf.c +++ b/sysdeps/unix/sysv/linux/check_pf.c @@ -311,7 +311,8 @@ make_request (int fd, pid_t pid) atomic_add (&noai6ai_cached.usecnt, 2); noai6ai_cached.seen_ipv4 = seen_ipv4; noai6ai_cached.seen_ipv6 = seen_ipv6; - result = &noai6ai_cached; + result = malloc (sizeof (noai6ai_cached)); + memcpy (result, &noai6ai_cached, sizeof (noai6ai_cached)); } if (use_malloc)