[Openais] Bug in main.c - libais_disconnect
Hans Feldt
Hans.Feldt at ericsson.com
Thu Apr 20 02:05:39 PDT 2006
Sorry for spamming...
I freed private data on first call to disconnect, fixed in new patch.
Hans Feldt wrote:
> Sorry, I removed too much code. New patch attached.
> =
> Hans Feldt wrote:
> =
>>
>> I experience double freeing of memory in libais_disconnect when AMF is =
>> restarting a component. Without understanding the bigger picture I =
>> removed all partner stuff in the function except clearing the partner =
>> pointer before freeing memory. The function will be called twice for =
>> each of the two sockets service clients have. Therefore I thought each =
>> call could free resources associated with the connection and nothing =
>> else. Seems to work for me, patch attached.
>>
>> Regards,
>> Hans
>>
>>
>> ------------------------------------------------------------------------
>>
>> Index: main.c
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> --- main.c (revision 995)
>> +++ main.c (working copy)
>> @@ -215,23 +215,17 @@
>> int res =3D 0;
>> struct outq_item *outq_item;
>> =
>> + /*
>> + * Call library exit handler if any
>> + */
>> if (conn_info->should_exit_fn &&
>> ais_service[conn_info->service]->lib_exit_fn) {
>> =
>> res =3D ais_service[conn_info->service]->lib_exit_fn (conn_info=
);
>> }
>> =
>> - /*
>> - * Call library exit handler and free private data
>> - */
>> - if (conn_info->conn_info_partner &&
>> - conn_info->conn_info_partner->should_exit_fn &&
>> - =
>> ais_service[conn_info->conn_info_partner->service]->lib_exit_fn) {
>> -
>> - res =3D =
>> ais_service[conn_info->conn_info_partner->service]->lib_exit_fn =
>> (conn_info->conn_info_partner);
>> - if (conn_info->private_data) {
>> - free (conn_info->private_data);
>> - }
>> + if (conn_info->private_data) {
>> + free (conn_info->private_data);
>> }
>> =
>> /*
>> @@ -257,43 +251,17 @@
>> }
>> =
>> /*
>> - * Close the library connection and free its
>> - * data if it hasn't already been freed
>> - */
>> - if (conn_info->conn_info_partner &&
>> - conn_info->conn_info_partner->state !=3D =
>> CONN_STATE_DISCONNECTING) {
>> -
>> - conn_info->conn_info_partner->state =3D CONN_STATE_DISCONNECTIN=
G;
>> -
>> - close (conn_info->conn_info_partner->fd);
>> -
>> - /*
>> - * Free the outq queued items
>> - */
>> - while (!queue_is_empty (&conn_info->conn_info_partner->outq)) {
>> - outq_item =3D queue_item_get =
>> (&conn_info->conn_info_partner->outq);
>> - free (outq_item->msg);
>> - queue_item_remove (&conn_info->conn_info_partner->outq);
>> - }
>> -
>> - queue_free (&conn_info->conn_info_partner->outq);
>> - if (conn_info->conn_info_partner->inb) {
>> - free (conn_info->conn_info_partner->inb);
>> - }
>> - }
>> -
>> - /*
>> * If exit_fn didn't request a retry,
>> * free the conn_info structure
>> */
>> if (res !=3D -1) {
>> - if (conn_info->conn_info_partner) {
>> - poll_dispatch_delete (aisexec_poll_handle,
>> - conn_info->conn_info_partner->fd);
>> + /*
>> + * update partners info about us
>> + */
>> + if (conn_info->conn_info_partner &&
>> + conn_info->conn_info_partner->conn_info_partner !=3D NULL) {
>> + conn_info->conn_info_partner->conn_info_partner =3D NULL;
>> }
>> - poll_dispatch_delete (aisexec_poll_handle, conn_info->fd);
>> -
>> - free (conn_info->conn_info_partner);
>> free (conn_info);
>> }
>> =
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Openais mailing list
>> Openais at lists.osdl.org
>> https://lists.osdl.org/mailman/listinfo/openais
> =
> =
> =
> ------------------------------------------------------------------------
> =
> Index: main.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- main.c (revision 995)
> +++ main.c (working copy)
> @@ -215,23 +215,17 @@
> int res =3D 0;
> struct outq_item *outq_item;
> =
> + /*
> + * Call library exit handler if any
> + */
> if (conn_info->should_exit_fn &&
> ais_service[conn_info->service]->lib_exit_fn) {
> =
> res =3D ais_service[conn_info->service]->lib_exit_fn (conn_info);
> }
> =
> - /*
> - * Call library exit handler and free private data
> - */
> - if (conn_info->conn_info_partner &&
> - conn_info->conn_info_partner->should_exit_fn &&
> - ais_service[conn_info->conn_info_partner->service]->lib_exit_fn) {
> -
> - res =3D ais_service[conn_info->conn_info_partner->service]->lib_exit_f=
n (conn_info->conn_info_partner);
> - if (conn_info->private_data) {
> - free (conn_info->private_data);
> - }
> + if (conn_info->private_data) {
> + free (conn_info->private_data);
> }
> =
> /*
> @@ -257,43 +251,19 @@
> }
> =
> /*
> - * Close the library connection and free its
> - * data if it hasn't already been freed
> - */
> - if (conn_info->conn_info_partner &&
> - conn_info->conn_info_partner->state !=3D CONN_STATE_DISCONNECTING) {
> -
> - conn_info->conn_info_partner->state =3D CONN_STATE_DISCONNECTING;
> -
> - close (conn_info->conn_info_partner->fd);
> -
> - /*
> - * Free the outq queued items
> - */
> - while (!queue_is_empty (&conn_info->conn_info_partner->outq)) {
> - outq_item =3D queue_item_get (&conn_info->conn_info_partner->outq);
> - free (outq_item->msg);
> - queue_item_remove (&conn_info->conn_info_partner->outq);
> - }
> -
> - queue_free (&conn_info->conn_info_partner->outq);
> - if (conn_info->conn_info_partner->inb) {
> - free (conn_info->conn_info_partner->inb);
> - }
> - }
> -
> - /*
> * If exit_fn didn't request a retry,
> * free the conn_info structure
> */
> if (res !=3D -1) {
> - if (conn_info->conn_info_partner) {
> - poll_dispatch_delete (aisexec_poll_handle,
> - conn_info->conn_info_partner->fd);
> + /*
> + * update partners info about us
> + */
> + if (conn_info->conn_info_partner &&
> + conn_info->conn_info_partner->conn_info_partner !=3D NULL) {
> + conn_info->conn_info_partner->conn_info_partner =3D NULL;
> }
> poll_dispatch_delete (aisexec_poll_handle, conn_info->fd);
> =
> - free (conn_info->conn_info_partner);
> free (conn_info);
> }
> =
> =
> =
> ------------------------------------------------------------------------
> =
> _______________________________________________
> Openais mailing list
> Openais at lists.osdl.org
> https://lists.osdl.org/mailman/listinfo/openais
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.patch
Type: text/x-patch
Size: 2303 bytes
Desc: not available
Url : http://lists.linux-foundation.org/pipermail/openais/attachments/20060=
420/2478abe1/main-0001.bin
More information about the Openais
mailing list