Date: Fri, 17 Sep 2004 14:55:53 +0900
From: YONETANI Tomokazu
To: Lukas Ertl
cc: freebsd-current@FreeBSD.org
Subject: Re: rcorder(8) dumps core
Message-ID: <20040917055553.GA8084@les.ath.cx>
In-Reply-To: <20040914175102.R528@korben.in.tern>

On Tue, Sep 14, 2004 at 05:52:12PM +0200, Lukas Ertl wrote:
> today I noticed a problem with rcorder on a very recent -CURRENT:
>
> [root@korben ~]# rcorder -k FreeBSD -s nostart -d /etc/rc.d/*
[snip]
> rcorder in free(): error: chunk is already free
> Abort trap (core dumped)

Core dump from double-free can be avoided by not free()'ing req_list and
prov_list in iterations where it's already in progress. It doesn't solve
circular dependency itself, though.

Index: sbin/rcorder/rcorder.c =================================================================== RCS file: /home/source/freebsd/cvs/src/sbin/rcorder/rcorder.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 rcorder.c --- sbin/rcorder/rcorder.c 21 Jun 2002 15:56:16 -0000 1.1.1.2 +++ sbin/rcorder/rcorder.c 17 Sep 2004 05:51:24 -0000 @@ -723,8 +723,8 @@ do_file(fnode) filenode *fnode; { - f_reqnode *r, *r_tmp; - f_provnode *p, *p_tmp; + f_reqnode *r, *r_next; + f_provnode *p, *p_next; provnode *pnode; int was_set; 
@@ -748,22 +748,17 @@ * for each requirement of fnode -> r * satisfy_req(r, filename) */ - r = fnode->req_list; - while (r != NULL) { - r_tmp = r; + for (r = fnode->req_list; r != NULL; r = r_next) { + r_next = r->next; satisfy_req(r, fnode->filename); - r = r->next; - free(r_tmp); } - fnode->req_list = NULL; /* * for each provision of fnode -> p * remove fnode from provision list for p in hash table */ - p = fnode->prov_list; - while (p != NULL) { - p_tmp = p; + for (p = fnode->prov_list; p != NULL; p = p_next) { + p_next = p->next; pnode = p->pnode; if (pnode->next != NULL) { pnode->next->last = pnode->last; @@ -771,11 +766,7 @@ if (pnode->last != NULL) { pnode->last->next = pnode->next; } - free(pnode); - p = p->next; - free(p_tmp); } - fnode->prov_list = NULL; /* do_it(fnode) */ DPRINTF((stderr, "next do: ")); @@ -792,8 +783,19 @@ } DPRINTF((stderr, "nuking %s\n", fnode->filename)); - free(fnode->filename); - free(fnode); + if (!was_set) { + for (r = fnode->req_list; r != NULL; r = r_next) { + r_next = r->next; + free(r); + } + for (p = fnode->prov_list; p != NULL; p = p_next) { + p_next = p->next; + free(p->pnode); + free(p); + } + free(fnode->filename); + free(fnode); + } } void
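Review bot: In the @@ -748,22 +748,17 @@ hunk, the requirement and provision loops no longer free anything in their bodies, so saving `r_next` and `p_next` before the body is not needed there. `r = r->next` and `p = p->next` in the for headers would read more plainly, with the `*_next` temporaries kept only for the freeing loops in the last hunk. If they are meant as a guard against satisfy_req() releasing the node during the call, a comment saying so would help the next reader.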
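Review bot: In the @@ -771,11 +766,7 @@ hunk, `free(pnode)` is dropped from the provision loop but the unlink (`pnode->next->last = pnode->last;` and `pnode->last->next = pnode->next;`) still runs on every call, so for a file caught in a circular dependency it runs once in the re-entrant call and again in the outer one. The second pass uses the next/last values pnode held before the first unlink; if a neighbouring provnode was removed and freed in between, it writes through a stale pointer and links that neighbour back into the list. Suggest making the second pass a no-op, for example by clearing pnode->next and pnode->last once the node has been unlinked.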
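Review bot: In the @@ -792,8 +783,19 @@ hunk, the new `if (!was_set)` block carries no comment stating the ownership rule it introduces, namely that only the call that first marked fnode in progress releases req_list, prov_list, the provnodes, the filename and fnode itself. The `DPRINTF((stderr, "nuking %s\n", fnode->filename));` line also stays outside the block, so debug output reports a nuke on the re-entrant pass where nothing is freed. Suggest a short comment above the block and moving the DPRINTF inside it.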