[Openais] Bug in main.c - libais_disconnect

Hans Feldt Hans.Feldt at ericsson.com
Thu Apr 20 02:05:39 PDT 2006


Sorry for spamming...

I freed private data on first call to disconnect, fixed in new patch.

Hans Feldt wrote:
> Sorry, I removed too much code. New patch attached.
> =

> Hans Feldt wrote:
> =

>>
>> I experience double freeing of memory in libais_disconnect when AMF is
>> restarting a component. Without understanding the bigger picture I
>> removed all partner stuff in the function except clearing the partner
>> pointer before freeing memory. The function will be called twice for
>> each of the two sockets service clients have. Therefore I thought each
>> call could free resources associated with the connection and nothing
>> else. Seems to work for me, patch attached.
>>
>> Regards,
>> Hans
>>
>>
>> ------------------------------------------------------------------------
>>
>> Index: main.c
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> --- main.c    (revision 995)
>> +++ main.c    (working copy)
>> @@ -215,23 +215,17 @@
>>      int res =3D 0;
>>      struct outq_item *outq_item;
>>  =

>> +    /*
>> +     * Call library exit handler if any
>> +     */
>>      if (conn_info->should_exit_fn &&
>>          ais_service[conn_info->service]->lib_exit_fn) {
>>  =

>>          res =3D ais_service[conn_info->service]->lib_exit_fn (conn_info=
);
>>      }
>>  =

>> -    /*
>> -     * Call library exit handler and free private data
>> -     */
>> -    if (conn_info->conn_info_partner &&
>> -        conn_info->conn_info_partner->should_exit_fn &&
>> -        =

>> ais_service[conn_info->conn_info_partner->service]->lib_exit_fn) {
>> -
>> -        res =3D =

>> ais_service[conn_info->conn_info_partner->service]->lib_exit_fn =

>> (conn_info->conn_info_partner);
>> -        if (conn_info->private_data) {
>> -            free (conn_info->private_data);
>> -        }
>> +    if (conn_info->private_data) {
>> +        free (conn_info->private_data);
>>      }
>>  =

>>      /*
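Review bot: The now-unconditional `free (conn_info->private_data);` leaves a dangling pointer, and it runs before the `res != -1` test in the second hunk decides whether `conn_info` itself is released. If `lib_exit_fn` returns -1 to request a retry, `conn_info` survives with a stale `private_data`; a later pass through this function would presumably hand that pointer to `lib_exit_fn` again and then free it a second time, which is the same class of memory corruption the patch is meant to remove. Clearing the pointer makes the step idempotent: `free (conn_info->private_data); conn_info->private_data = NULL;` (the `if` guard can go, `free(NULL)` is a no-op). The identical hunk appears again in the revised patch quoted further down (`@@ -215,23 +215,17 @@`). The function body starts and ends outside the hunk, so the retry path itself is inferred from the `res != -1` comment rather than seen.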
>> @@ -257,43 +251,17 @@
>>      }
>>  =

>>      /*
>> -     * Close the library connection and free its
>> -     * data if it hasn't already been freed
>> -     */
>> -    if (conn_info->conn_info_partner &&
>> -        conn_info->conn_info_partner->state !=3D =

>> CONN_STATE_DISCONNECTING) {
>> -
>> -        conn_info->conn_info_partner->state =3D CONN_STATE_DISCONNECTIN=
G;
>> -
>> -        close (conn_info->conn_info_partner->fd);
>> -
>> -        /*
>> -         * Free the outq queued items
>> -         */
>> -        while (!queue_is_empty (&conn_info->conn_info_partner->outq)) {
>> -            outq_item =3D queue_item_get =

>> (&conn_info->conn_info_partner->outq);
>> -            free (outq_item->msg);
>> -            queue_item_remove (&conn_info->conn_info_partner->outq);
>> -        }
>> -
>> -        queue_free (&conn_info->conn_info_partner->outq);
>> -        if (conn_info->conn_info_partner->inb) {
>> -            free (conn_info->conn_info_partner->inb);
>> -        }
>> -    }
>> -
>> -    /*
>>       * If exit_fn didn't request a retry,
>>       * free the conn_info structure
>>       */
>>      if (res !=3D -1) {
>> -        if (conn_info->conn_info_partner) {
>> -            poll_dispatch_delete (aisexec_poll_handle,
>> -                conn_info->conn_info_partner->fd);
>> +        /*
>> +         * update partners info about us
>> +         */
>> +        if (conn_info->conn_info_partner &&
>> +            conn_info->conn_info_partner->conn_info_partner !=3D NULL) {
>> +            conn_info->conn_info_partner->conn_info_partner =3D NULL;
>>          }
>> -        poll_dispatch_delete (aisexec_poll_handle, conn_info->fd);
>> -
>> -        free (conn_info->conn_info_partner);
>>          free (conn_info);
>>      }
>>  =

>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Openais mailing list
>> Openais at lists.osdl.org
>> https://lists.osdl.org/mailman/listinfo/openais
> =

> =

> =

> ------------------------------------------------------------------------
> =

> Index: main.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- main.c	(revision 995)
> +++ main.c	(working copy)
> @@ -215,23 +215,17 @@
>  	int res =3D 0;
>  	struct outq_item *outq_item;
>  =

> +	/*
> +	 * Call library exit handler if any
> +	 */
>  	if (conn_info->should_exit_fn &&
>  		ais_service[conn_info->service]->lib_exit_fn) {
>  =

>  		res =3D ais_service[conn_info->service]->lib_exit_fn (conn_info);
>  	}
>  =

> -	/*
> -	 * Call library exit handler and free private data
> -	 */
> -	if (conn_info->conn_info_partner &&
> -		conn_info->conn_info_partner->should_exit_fn &&
> -		ais_service[conn_info->conn_info_partner->service]->lib_exit_fn) {
> -
> -		res =3D ais_service[conn_info->conn_info_partner->service]->lib_exit_f=
n (conn_info->conn_info_partner);
> -		if (conn_info->private_data) {
> -			free (conn_info->private_data);
> -		}
> +	if (conn_info->private_data) {
> +		free (conn_info->private_data);
>  	}
>  =

>  	/*
> @@ -257,43 +251,19 @@
>  	}
>  =

>  	/*
> -	 * Close the library connection and free its
> -	 * data if it hasn't already been freed
> -	 */
> -	if (conn_info->conn_info_partner &&
> -		conn_info->conn_info_partner->state !=3D CONN_STATE_DISCONNECTING) {
> -
> -		conn_info->conn_info_partner->state =3D CONN_STATE_DISCONNECTING;
> -
> -		close (conn_info->conn_info_partner->fd);
> -
> -		/*
> -		 * Free the outq queued items
> -		 */
> -		while (!queue_is_empty (&conn_info->conn_info_partner->outq)) {
> -			outq_item =3D queue_item_get (&conn_info->conn_info_partner->outq);
> -			free (outq_item->msg);
> -			queue_item_remove (&conn_info->conn_info_partner->outq);
> -		}
> -
> -		queue_free (&conn_info->conn_info_partner->outq);
> -		if (conn_info->conn_info_partner->inb) {
> -			free (conn_info->conn_info_partner->inb);
> -		}
> -	}
> -
> -	/*
>  	 * If exit_fn didn't request a retry,
>  	 * free the conn_info structure
>  	 */
>  	if (res !=3D -1) {
> -		if (conn_info->conn_info_partner) {
> -			poll_dispatch_delete (aisexec_poll_handle,
> -				conn_info->conn_info_partner->fd);
> +		/*
> +		 * update partners info about us
> +		 */
> +		if (conn_info->conn_info_partner &&
> +			conn_info->conn_info_partner->conn_info_partner !=3D NULL) {
> +			conn_info->conn_info_partner->conn_info_partner =3D NULL;
>  		}
>  		poll_dispatch_delete (aisexec_poll_handle, conn_info->fd);
>  =

> -		free (conn_info->conn_info_partner);
>  		free (conn_info);
>  	}
>  =
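Review bot: With the partner teardown removed, this call only detaches the partner's back-pointer, so the partner's fd, `outq`, `inb` and the partner `conn_info` itself are released only if the disconnect path later runs for the partner connection too. That assumption is stated in the mail but not in the code; a comment above the back-pointer update such as `/* each connection frees only its own resources; the partner is released by its own disconnect call */` would record it, and it is worth confirming the partner's disconnect is always triggered, otherwise its descriptor and buffers leak. The inner `!= NULL` test is redundant: `if (conn_info->conn_info_partner) conn_info->conn_info_partner->conn_info_partner = NULL;` is enough. Whether the lines between the two hunks still close `conn_info->fd` and drain this connection's own `outq` is not visible here.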

> =

> =

> ------------------------------------------------------------------------
> =

> _______________________________________________
> Openais mailing list
> Openais at lists.osdl.org
> https://lists.osdl.org/mailman/listinfo/openais

-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.patch
Type: text/x-patch
Size: 2303 bytes
Desc: not available
Url : http://lists.linux-foundation.org/pipermail/openais/attachments/20060=
420/2478abe1/main-0001.bin

