[OPEN-ILS-DEV] PATCH: osrf_router.c (bug fix -- double freeing of memory)

Scott McKellar mck9 at swbell.net
Sat Mar 22 17:44:57 EDT 2008


This patch removes an inappropriate free in the 
osrfRouterProcessAppRequest function.

In the case where the method name is ROUTER_REQUEST_CLASS_LIST, we
call osrfHashKeys() to get a pointer to an osrfStringArray.  After
traversing the array, we destroy it by calling osrfStringArrayFree().

However this osrfStringArray belongs to the osrfHash, and will be
destroyed again when we destroy the osrfHash.  The result is undefined
behavior, so anything can happen, including nothing.  However I would
expect to see the application crash and burn when the osrfRouter is
destroyed.

Perhaps this branch is never actually executed in practice.  Or 
perhaps it is, but nobody noticed the crash because the program is 
running in the background or something.

(IMHO the osrfHashKeys function shouldn't exist, because it exposes
the internal implementation of an osrfHash.  If you need to look over 
the keys stored in the hash, you should use an osrfHashIterator.  At
present the iterator approach is less efficient.  If we rewrite the
osrfHash as I proposed in an earlier post today, the iterator will
be as fast, or almost as fast, as traversing the array directly.)

Scott McKellar
http://home.swbell.net/mck9/ct/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: osrf_router_c_5.patch
Type: text/x-patch
Size: 504 bytes
Desc: 1550440506-osrf_router_c_5.patch
Url : http://list.georgialibraries.org/pipermail/open-ils-dev/attachments/20080322/78abdeda/osrf_router_c_5.bin


More information about the Open-ils-dev mailing list