[patch] Accessing freed memory crash
Mikulas Patocka
mikulas at artax.karlin.mff.cuni.cz
Thu Aug 10 23:49:48 UTC 2006
Hi
check_selects calls a callback when there is an event on a handle. The
callback itself can remove the event with delete_select_channel --- when
that happens, check_selects accesses the defunct p->next pointer and a crash
may happen. (I reproduced a crash on this when inserting sleep(1) somewhere in
background-handling code to debug unrelated issues --- it is likely that
the crash may happen normally too, but with small probability).
This is the fix:
--- key.c_ 2006-08-11 01:49:19.000000000 +0200
+++ key.c 2006-08-11 01:49:31.000000000 +0200
@@ -185,9 +185,13 @@
if (disabled_channels)
return;
+ retry:
for (p = select_list; p; p = p->next)
- if (FD_ISSET (p->fd, select_set))
+ if (FD_ISSET (p->fd, select_set)) {
+ FD_CLR (p->fd, select_set);
(*p->callback)(p->fd, p->info);
+ goto retry;
+ }
}
void channels_down (void)
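Review bot: The restart at `retry:` terminates only because `FD_CLR (p->fd, select_set)` runs before the callback, and nothing in the hunk says so; a short comment above `retry:` stating that the callback may free `p` (so `p->next` must not be read after it) and that the cleared bit is what prevents an endless loop would keep a later cleanup from removing either line. Two further things to confirm: `FD_CLR` now mutates the caller's `select_set`, so any caller that inspects the set after check_selects returns will see the handled bits cleared, and rescanning from `select_list` after every callback makes the dispatch quadratic in the number of ready channels, which is fine for a short list but worth noting.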
Mikulas
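The failure mode described in the message, as an added example that is not part of the original post and not mc's code: a constructed channel list whose callback frees its own node and its neighbour, dispatched with the clear-then-restart loop from the patch. The names `add_channel`, `delete_channel`, `self_removing`, `check_selects_fixed` and `demo` are hypothetical; the case shown is one where saving `p->next` before the callback would still dangle.

```c
#include <stdlib.h>
#include <sys/select.h>

/* Constructed model of a select-channel list; not mc's key.c. */
typedef void (*select_fn)(int fd, void *info);
struct chan { int fd; select_fn callback; void *info; struct chan *next; };
static struct chan *select_list;
static int calls;

static void add_channel(int fd, select_fn cb, void *info) {
    struct chan *p = malloc(sizeof *p);
    if (!p) abort();
    p->fd = fd; p->callback = cb; p->info = info;
    p->next = select_list; select_list = p;
}

static void delete_channel(int fd) {
    for (struct chan **pp = &select_list; *pp; pp = &(*pp)->next)
        if ((*pp)->fd == fd) {
            struct chan *dead = *pp;
            *pp = dead->next;
            free(dead);          /* any pointer saved by a caller now dangles */
            return;
        }
}

/* Callback that removes its own channel and, if info is set, a second one. */
static void self_removing(int fd, void *info) {
    calls++;
    delete_channel(fd);
    if (info) delete_channel(*(int *)info);
}

/* Dispatch as in the patch: clear the bit, run the callback, rescan. */
static void check_selects_fixed(fd_set *set) {
retry:
    for (struct chan *p = select_list; p; p = p->next)
        if (FD_ISSET(p->fd, set)) {
            FD_CLR(p->fd, set);              /* guarantees termination */
            (*p->callback)(p->fd, p->info);
            goto retry;                      /* p may be freed: never read p->next */
        }
}

/* List is 5 -> 4 -> 3; fd 4's callback also deletes its successor, fd 3. */
int demo(void) {
    static int victim = 3; fd_set set; FD_ZERO(&set); calls = 0;
    add_channel(3, self_removing, NULL); add_channel(4, self_removing, &victim);
    add_channel(5, self_removing, NULL);
    FD_SET(3, &set); FD_SET(4, &set); FD_SET(5, &set);
    check_selects_fixed(&set); return calls;
}
```

Building with `-fsanitize=address` and replacing the loop body with the pre-patch form (no `FD_CLR`, no `goto`) makes the read of the freed `p->next` show up as a heap-use-after-free report.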