[patch] Accessing freed memory crash

Leonard den Ottolander leonard at den.ottolander.nl
Sat Aug 12 09:48:31 UTC 2006


Hello Mikulas,

On Sat, 2006-08-12 at 03:35 +0200, Mikulas Patocka wrote:
> I think the code you committed is wrong. Imagine this: you have one event 
> in select list and that event is set in select_set. On the first pass, you 
> call callback and set retry to TRUE. Callback removes the event. You 
> return to "do" cycle, now select_list is empty, you never get to 
> retry=FALSE statement, and you loop forever with retry == TRUE.

You are right.

> do

I'll set retry to FALSE here at the beginning of the do loop. Agreed?

>      for (p = select_list; p; p = p->next)
>          if (FD_ISSET (p->fd, select_set)) {
>              FD_CLR (p->fd, select_set);

This morning I realized I didn't check out the consequences of clearing
select_set here. Can we safely do this without disturbing the caller?

>              (*p->callback)(p->fd, p->info);
>              retry = TRUE;
>              break;
>          } else
>              retry = FALSE;
> while (retry);

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
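To make the retry logic concrete, here is an added example (not code from this thread or from mc's own source) of the dispatch loop the two messages discuss: `retry` is reset at the top of the `do` body, so an empty list ends the loop instead of spinning; the loop breaks and restarts from the list head after every callback, so a callback that frees its own entry never leaves the scan holding a dangling `p`; and the loop works on a private copy of the `fd_set`, so the `FD_CLR` never disturbs the caller's set. The `select_entry` type and the `add_select_entry`, `delete_select_entry` and `dispatch_select` helpers are assumptions made for this example; mc's real structures differ.

```c
/* Added example, not mc code: a select dispatch loop that survives
 * callbacks removing their own (or any other) list entry. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>

typedef struct select_entry {           /* hypothetical list node */
    int fd;
    void (*callback)(int fd, void *info);
    void *info;
    struct select_entry *next;
} select_entry;

static select_entry *select_list = NULL;

/* Prepend an entry to the list (hypothetical helper). */
static select_entry *add_select_entry(int fd, void (*cb)(int, void *), void *info) {
    select_entry *e = malloc(sizeof *e);
    e->fd = fd; e->callback = cb; e->info = info;
    e->next = select_list;
    select_list = e;
    return e;
}

/* Unlink and free the entry for fd (hypothetical helper). */
static void delete_select_entry(int fd) {
    for (select_entry **pp = &select_list; *pp; pp = &(*pp)->next)
        if ((*pp)->fd == fd) {
            select_entry *victim = *pp;
            *pp = victim->next;
            free(victim);
            return;
        }
}

static void clear_list(void) {
    while (select_list) delete_select_entry(select_list->fd);
}

/* Call the callback of every entry whose fd is set. Returns the number
 * of callbacks invoked. The caller's fd_set is copied, so FD_CLR on the
 * copy does not disturb the caller. */
int dispatch_select(const fd_set *select_set) {
    fd_set pending = *select_set;       /* private copy */
    int retry, calls = 0;

    do {
        /* Reset here: if a callback removed the last entry the for loop
         * never runs, retry stays FALSE and the loop terminates. */
        retry = 0;
        for (select_entry *p = select_list; p; p = p->next)
            if (FD_ISSET(p->fd, &pending)) {
                FD_CLR(p->fd, &pending);   /* each ready fd is served once */
                (*p->callback)(p->fd, p->info);
                calls++;
                retry = 1;                 /* p may be freed now: rescan from head */
                break;
            }
    } while (retry);
    return calls;
}

/* Sample callbacks: one removes its own entry while being dispatched. */
static int self_removing_ran = 0, counting_ran = 0;
static void self_removing_cb(int fd, void *info) { (void)info; self_removing_ran++; delete_select_entry(fd); }
static void counting_cb(int fd, void *info)      { (void)fd; (void)info; counting_ran++; }

/* Mikulas's scenario: the only event removes itself. Returns 1 on success. */
int scenario_single_self_removing(void) {
    clear_list(); self_removing_ran = 0;
    add_select_entry(5, self_removing_cb, NULL);
    fd_set set; FD_ZERO(&set); FD_SET(5, &set);
    int calls = dispatch_select(&set);
    return calls == 1 && self_removing_ran == 1 && select_list == NULL && FD_ISSET(5, &set);
}

/* Three ready fds, the middle one removes itself: every ready fd is called
 * exactly once and the two survivors stay in the list. Returns 1 on success. */
int scenario_mixed(void) {
    clear_list(); self_removing_ran = 0; counting_ran = 0;
    add_select_entry(3, counting_cb, NULL);
    add_select_entry(4, self_removing_cb, NULL);
    add_select_entry(7, counting_cb, NULL);
    fd_set set; FD_ZERO(&set); FD_SET(3, &set); FD_SET(4, &set); FD_SET(7, &set);
    int calls = dispatch_select(&set);
    int survivors = 0;
    for (select_entry *p = select_list; p; p = p->next) survivors++;
    clear_list();
    return calls == 3 && counting_ran == 2 && self_removing_ran == 1 && survivors == 2;
}

int main(void) {
    printf("single self-removing: %s\n", scenario_single_self_removing() ? "ok" : "FAIL");
    printf("mixed: %s\n", scenario_mixed() ? "ok" : "FAIL");
    return 0;
}
```

Restarting from the head after every callback costs a rescan per ready fd, which is cheap for a short list and is what makes "the callback may remove any entry" safe without locking or deferred deletion.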