PATCH: Memory leak in Clickatell + Brunet HTTP SMSC

Stipe Tolj st at tolj.org
Mon Jul 14 17:13:25 CEST 2008


Donald Jackson schrieb:
> Hi everyone,
> 
> Attached is a diff for memory leak found in smsc_http.c for Clickatell 
> and Brunet specific implementations. The message ID Octstr's never get 
> destroyed when the dictionary gets destroyed.

-1 on this patch. Reason: we do a double free() on the Octstr pointers and cause 
a segfault.

The issue is:

   - octstr_split_words() malloc()s the new items in the list.
   - then we inject to Dict the pointer refrence, that's the "original", not a copy.
   - then we gwlist_destroy() and hence all items of the list are freed, also 
the one we put into the dict.
   - later on we dict_destroy() _WITH_ the octstr_destroy() callback and hence 
we'll try to double free. Bang.

Attached is a revised patch, that takes care we duplicate the items that we put 
into the Dict hash, so we have a clean destruction later, as the 
gwlist_destroy() took care of the original ones.

Please review and vote.

Stipe

-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany

tolj.org system architecture      Kannel Software Foundation (KSF)
http://www.tolj.org/              http://www.kannel.org/

mailto:st_{at}_tolj.org           mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: smsc_http.diff
Url: http://www.kannel.org/pipermail/devel/attachments/20080714/3dba81f6/attachment.pl 


More information about the devel mailing list