[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leafnode-list] Segfault in leafnode-2.0.0.alpha20030127a



Hello all,

I just compiled and installed leafnode-2.0.0.alpha20030127a and found
that running fetchnews with the -f parameter results in a segmentation
fault.  The fault occurs on line 191 of activutil.c:


    while (l) {
        la = l;
        newsgroup_copy(active + count, l->entry);
        l = l->next;
        count++;
        free(l->entry);         <<<<---- **** Segfault here ******
        free(la);               /* clean up */
    }

It seems that "l" is moved to the next entry without being checked for
NULL-ness and then dereferenced.  An older version I have lying around
(leafnode-2.0-snapshot-20020910a) does things in a different, more
correct order:

    while (l) {
        la = l;
        active[count].name = (l->entry)->name;
        active[count].first = (l->entry)->first;
        active[count].last = (l->entry)->last;
        active[count].count = (l->entry)->count;
        active[count].age = (l->entry)->age;
        active[count].desc = (l->entry)->desc;
        active[count].status = (l->entry)->status;
        free(l->entry);
        l = l->next;
        count++;
        free(la);               /* clean up */
    }

Rearranging the lines in the 20030127a activutil.c file to mirror the
order used in 20020910a as shown below appears to fix the problem.

    while (l) {
        la = l;
        newsgroup_copy(active + count, l->entry);
        free(l->entry);
        l = l->next;
        count++;
        free(la);               /* clean up */
    }

-- 
Chris Mears
chris@xxxxxxxxxxxxxxxxxx

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list