[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r35306 - gnunet/src/util
From: |
gnunet |
Subject: |
[GNUnet-SVN] r35306 - gnunet/src/util |
Date: |
Sat, 28 Feb 2015 15:05:47 +0100 |
Author: grothoff
Date: 2015-02-28 15:05:47 +0100 (Sat, 28 Feb 2015)
New Revision: 35306
Modified:
gnunet/src/util/client.c
Log:
Fix use after free:
==14602== Invalid write of size 4
==14602== at 0x5A82CA7: receive_helper (client.c:542)
==14602== by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602== by 0x5A91236: receive_ready (connection.c:1091)
==14602== by 0x5AC1091: run_ready (scheduler.c:587)
==14602== by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602== by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602== by 0x406218: main (gnunet-service-transport.c:925)
==14602== Address 0xa4d42f8 is 104 bytes inside a block of size 120 free'd
==14602== at 0x4C29E90: free (vg_replace_malloc.c:473)
==14602== by 0x5A872C3: GNUNET_xfree_ (common_allocation.c:239)
==14602== by 0x5A829C5: GNUNET_CLIENT_disconnect (client.c:475)
==14602== by 0x5ABD9E5: handle_response (resolver_api.c:388)
==14602== by 0x5A82CA2: receive_helper (client.c:538)
==14602== by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602== by 0x5A91236: receive_ready (connection.c:1091)
==14602== by 0x5AC1091: run_ready (scheduler.c:587)
==14602== by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602== by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602== by 0x406218: main (gnunet-service-transport.c:925)
Modified: gnunet/src/util/client.c
===================================================================
--- gnunet/src/util/client.c 2015-02-28 13:52:37 UTC (rev 35305)
+++ gnunet/src/util/client.c 2015-02-28 14:05:47 UTC (rev 35306)
@@ -531,6 +531,8 @@
(unsigned int) available,
NULL == client->connection ? "NULL" : "non-NULL",
STRERROR (errCode));
+ /* remember failure */
+ client->in_receive = GNUNET_SYSERR;
if (NULL != (receive_handler = client->receiver_handler))
{
receive_handler_cls = client->receiver_handler_cls;
@@ -538,8 +540,6 @@
receive_handler (receive_handler_cls,
NULL);
}
- /* remember failure */
- client->in_receive = GNUNET_SYSERR;
return;
}
/* FIXME: optimize for common fast case where buf contains the
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r35306 - gnunet/src/util,
gnunet <=