Re: gawk: other double free(_wstr)
From: Karel Zak
Subject: Re: gawk: other double free(_wstr)
Date: Fri, 12 Jan 2007 12:46:39 +0100
User-agent: Mutt/1.5.11
On Fri, Jan 12, 2007 at 11:46:58AM +0100, Karel Zak wrote:
>
>>
> The problem is probably somewhere around rebuild_record(), because it
> calls unref() (which correctly deallocates wstptr), but then
> rebuild_record() reassigns the deallocated wstptr back to fields_arr[i]:
>
>     n->stptr = cops;
>     unref(fields_arr[i]);     <--- free( fields_arr[i]->wstptr )
>     fields_arr[i] = n;        <--- deallocated wstptr is back
>
> I'm not sure how to correctly fix the problem, maybe the "n"
> should be without the WSTRCUR flag before reassigning to fields_arr[i].
>
>     n->flags &= ~(MALLOC|TEMP|PERM|STRING|CURSTR|WCURSTR);
>                                           ^^^^^^^^^^^^^^^
BTW, in Aharon's original patch
Fri Mar 10 06:28:23 2006 Arnold D. Robbins <address@hidden>
it was:
n->stptr = cops;
+ free_wstr(n);
unref(fields_arr[i]);
fields_arr[i] = n;
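Review bot: the free_wstr(n) placed before unref(fields_arr[i]) in this hunk is only safe while unref() does not itself release wstptr. Once unref() does (the first message says it "correctly deallocates wstptr"), and n was copied from fields_arr[i] so both hold the same wstptr, this ordering frees the same wide string twice, which is the double free the subject line refers to.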
(but there wasn't any free_wstr() in unref() at that point)
I think the "n" should still be zeroized in rebuild_record():
n->stptr = cops;
unref(fields_arr[i]);
+ n->wstptr = NULL;
+ n->wstlen = 0;
+ n->flag &= ~WCURSTR;
fields_arr[i] = n;
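Review bot: `n->flag &= ~WCURSTR;` in the third added line should read `n->flags &= ~...;`, matching the field name in the quoted mask `n->flags &= ~(MALLOC|TEMP|PERM|STRING|CURSTR|WCURSTR);`; as written it will not compile. The flag is also spelled WSTRCUR earlier in this message and WCURSTR here and in the mask, so one of the two spellings is wrong. Clearing the fields rather than calling free_wstr(n) is the right choice: the wide string is owned by fields_arr[i] and unref() already releases it, so the copy in n must simply stop pointing at it, and wstlen should be reset together with wstptr as the hunk does.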
Karel
--
Karel Zak <address@hidden>
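A minimal model of the aliasing the message describes, added here as an illustration; it is not gawk's code. The NODE layout, the WSTRCUR value, and the helper names make_field() and rebuild_field() are assumptions; the `fix` argument shows the copy keeping the freed wstptr (the bug) next to the zeroing proposed above.

```c
#include <stdlib.h>
#include <wchar.h>

#define WSTRCUR 0x01              /* wide-string cache is valid (assumed value) */

typedef struct {
    char    *stptr;               /* narrow string, owned by the node */
    wchar_t *wstptr;              /* cached wide copy, owned by the node */
    size_t   wstlen;
    int      flags;
} NODE;

static void unref(NODE *n)        /* releases the wide cache too, as unref() now does */
{
    if (n->flags & WSTRCUR)
        free(n->wstptr);
    free(n->stptr);
    free(n);
}

NODE *make_field(size_t len)      /* constructed field with its wide cache set */
{
    NODE *n = calloc(1, sizeof *n);
    n->stptr = calloc(len + 1, 1);
    n->wstptr = calloc(len + 1, sizeof(wchar_t));
    n->wstlen = len;
    n->flags |= WSTRCUR;
    return n;
}

/* Replace *slot with a copy carrying the new text cops. fix=0 reproduces
 * the bug (the copy keeps the freed wstptr); fix=1 clears the copied cache
 * fields after unref(), which is the change the post proposes. */
NODE *rebuild_field(NODE **slot, char *cops, int fix)
{
    NODE *n = malloc(sizeof *n);
    *n = **slot;                  /* struct copy: n->wstptr aliases the old cache */
    n->stptr = cops;
    unref(*slot);                 /* frees the cache that n still points to */
    if (fix) {
        n->wstptr = NULL;
        n->wstlen = 0;
        n->flags &= ~WSTRCUR;
    }
    *slot = n;
    return n;
}
```

With fix=0 the returned node still carries WSTRCUR and a freed wstptr, so the next unref() of that field frees it a second time; with fix=1 the node owns nothing it has not allocated.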