
Re: [leafnode-list] fix SEGV in nntpd.c



Ralf Wildenhues wrote:
> 
> * Jonathan Larmour wrote:
> > This is again against 1.9.20.rel. If fetchnews runs, it causes any existing
> > running clients to SEGV because the active file is stamped, causing it to
> > call rerunactive(), which in turn frees the existing active file info. The
> > problem is that the group and xovergroup pointers point into that, so they
> > are left pointing at freed memory.
> *snip*
> >  It looks like the same problem might affect the 2.0prereleases too.
> 
> Thanks for the report.  Concerning this issue in 2.0b8_ma10pre3.1:
> 
> For 'group' (which is local static to main_loop()) the only place I can
> see a change to storage reachable by variable 'active' being triggered
> without 'group' being changed is dolist("active"), that is "LIST
> ACTIVE".  valgrind confirms this bug. 'group' should probably be copied
> and findgroup()ed again, xovergroup set to group afterwards (in case it
> was before).

You have to make sure that the xovergroup matches group only when the xover
data is loaded, otherwise they may be out of sync with each other after a
LIST ACTIVE is done.

Jifl
-- 
Red Hat, Rustat House, Clifton Road, Cambridge, UK. Tel: +44 (1223) 271062
Maybe this world is another planet's Hell -Aldous Huxley || Opinions==mine

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list
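
The re-binding discussed in this thread, as an added example that is not part of the original messages and is not leafnode's code: it saves the group name before the active data is freed, looks the group up again afterwards, and keeps xovergroup equal to group only when the overview was loaded for that group. The names active, findgroup, group and xovergroup come from the thread; the struct layout, function signatures, reload_active(), reload_and_rebind() and the sample group names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for an active-file entry (assumed layout). */
struct newsgroup { char name[64]; unsigned long first, last; };

static struct newsgroup *active;   /* heap array, replaced on every reload */
static size_t activesize;

/* Hypothetical loader: frees the old array and builds a new one. */
static void reload_active(const char *const *names, size_t n) {
    free(active);                  /* every old pointer into it now dangles */
    active = calloc(n, sizeof *active);
    activesize = active ? n : 0;
    for (size_t i = 0; i < activesize; i++)
        strncpy(active[i].name, names[i], sizeof active[i].name - 1);
}

static struct newsgroup *findgroup(const char *name) {
    for (size_t i = 0; i < activesize; i++)
        if (strcmp(active[i].name, name) == 0) return &active[i];
    return NULL;
}

/* Per-client state: both pointers point into the active array. */
struct session { struct newsgroup *group, *xovergroup; };

/* Reload the active data while keeping the session pointers valid. */
static void reload_and_rebind(struct session *s, const char *const *names, size_t n) {
    char saved[64] = "";
    int have_group = s->group != NULL;
    /* Overview counts as loaded for the current group only if both matched. */
    int xover_current = have_group && s->xovergroup == s->group;
    if (have_group) memcpy(saved, s->group->name, sizeof saved); /* copy before free */

    reload_active(names, n);

    s->group = have_group ? findgroup(saved) : NULL; /* NULL if the group vanished */
    /* Otherwise drop xovergroup so the overview is loaded again on next use. */
    s->xovergroup = xover_current ? s->group : NULL;
}

int main(void) {
    const char *const names[] = {"comp.lang.c", "news.software.nntp"}; /* constructed */
    struct session s = {0};
    reload_active(names, 2);
    s.group = s.xovergroup = findgroup("comp.lang.c");
    reload_and_rebind(&s, names, 2);
    return (s.group && s.xovergroup == s.group) ? 0 : 1;
}
```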