
Re: [leafnode-list] fix SEGV in nntpd.c



* Jonathan Larmour wrote:
> This is again against 1.9.20.rel. If fetchnews runs, it causes any existing
> running clients to SEGV because the active file is stamped, causing it to
> call rerunactive(), which in turn frees the existing active file info. The
> problem is that the group and xovergroup pointers point into that, so they
> are left pointing at freed memory.
*snip*
>  It looks like the same problem might affect the 2.0prereleases too.

Thanks for the report.  Concerning this issue in 2.0b8_ma10pre3.1:

For 'group' (which is local static to main_loop()) the only place I can
see a change to storage reachable by variable 'active' being triggered
without 'group' being changed is dolist("active"), that is "LIST
ACTIVE".  valgrind confirms this bug. 'group' should probably be copied
and findgroup()ed again, xovergroup set to group afterwards (in case it
was before).

Skimming through the code, I found a possible optimization in dogroup():
If maybegetxover() does read the overview (make it return some other
status code that tells the caller if it did so successfully), set
xovergroup = g in dogroup() since we have current information in
xoverinfo then.  Anything wrong with this?

HAND
Ralf

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list
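
The repair suggested in the reply above (copy the selected group, look it up again after the reload, and point xovergroup at it if it pointed there before), shown as an added example that is not leafnode's code. The struct layout and the functions reload_active(), find_group(), reload_keeping_selection() and selection_survives_reload() are simplified, hypothetical stand-ins, and the group names are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the active table; not leafnode's own structures. */
struct newsgroup { char name[64]; };
static struct newsgroup *active;   /* freed and rebuilt on every reload */
static size_t activesize;

/* Model of a reload: every pointer into the old table dangles afterwards. */
static void reload_active(const char *const *names, size_t n)
{
    free(active);
    active = calloc(n ? n : 1, sizeof *active);   /* zeroed: names stay terminated */
    if (!active) abort();
    for (size_t i = 0; i < n; i++)
        strncpy(active[i].name, names[i], sizeof active[i].name - 1);
    activesize = n;
}

static struct newsgroup *find_group(const char *name)
{
    for (size_t i = 0; i < activesize; i++)
        if (strcmp(active[i].name, name) == 0) return &active[i];
    return NULL;
}

/* Copy the selected name, reload, then look the group up again by name. */
static void reload_keeping_selection(const char *const *names, size_t n,
        struct newsgroup **group, struct newsgroup **xovergroup)
{
    int xover_was_group = *group && *xovergroup == *group;
    char saved[sizeof active->name] = "";   /* stays empty if nothing selected */
    if (*group) memcpy(saved, (*group)->name, sizeof saved);
    *group = *xovergroup = NULL;   /* nothing may point into freed storage */
    reload_active(names, n);
    if (saved[0]) *group = find_group(saved);   /* NULL if the group is gone */
    if (xover_was_group) *xovergroup = *group;
}

int selection_survives_reload(void)
{
    const char *const names[] = { "comp.test", "news.test" };   /* constructed */
    reload_active(names, 2);
    struct newsgroup *group = find_group("news.test"), *xovergroup = group;
    reload_keeping_selection(names, 2, &group, &xovergroup);
    return group && xovergroup == group && strcmp(group->name, "news.test") == 0;
}

int main(void) { return selection_survives_reload() ? 0 : 1; }
```

If the selected group is no longer present after the reload, both pointers come back NULL, so the caller has to treat that as "no group selected" rather than dereference them.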