Corrupted double-linked list (nnrpd, Python, innconfval)

Russ Allbery rra at stanford.edu
Sat Jun 21 16:20:02 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> I believe it happens here:
>
> void
> PY_close_python(void)
> {
>    if (files != NULL) {
>        hash_traverse(files, file_trav, NULL);
> -->     hash_free(files);
>    }

That doesn't set files back to NULL, so if it ever happens that one closes
and then reopens Python in the same process, I bet files is still pointing
to the old freed memory and INN blithely tries to write to it.

Adding files = NULL; after hash_free(files) will fix it if I'm right.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list