From owner-freebsd-bugs Mon Sep 17 20:40: 8 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id AA04E37B403
	for ; Mon, 17 Sep 2001 20:40:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f8I3e1p35478;
	Mon, 17 Sep 2001 20:40:01 -0700 (PDT)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 155D037B411
	for ; Mon, 17 Sep 2001 20:39:15 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f8I3dFs35404;
	Mon, 17 Sep 2001 20:39:15 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200109180339.f8I3dFs35404@freefall.freebsd.org>
Date: Mon, 17 Sep 2001 20:39:15 -0700 (PDT)
From: Ralf Meyer
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/30639: apmd crashes on SIGHUP (under certain conditions)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 30639
>Category: bin
>Synopsis: apmd crashes on SIGHUP (under certain conditions)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 17 20:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Ralf Meyer
>Release: 4.x-STABLE
>Organization: Université de Montréal
>Environment:
FreeBSD freyja.asgard 4.4-RC FreeBSD 4.4-RC #0: Mon Aug 20 21:43:14 EDT 2001 root@freyja.asgard:/usr/obj/usr/src/sys/FREYJA i386
>Description:
After putting one apm_battery entry in apmd.conf, apmd crashes when receiving a SIGHUP. As far as I can see the crash is caused by a possible call to free with an invalid pointer in the function destroy_config.
This is due to the (faulty) double advancement of the pointer to the linked-list of battery entries.
>How-To-Repeat:
Stop apmd
Activate one (not two) apm_battery entries in apmd.conf
Start apmd
send SIGHUP to apmd

Since the problem is IMHO related to an invalid call to free(), the exact outcome of this might depend on other factors.
>Fix:
*** apmd.c Mon Sep 17 22:26:25 2001 --- apmd.c.ori Mon Aug 20 18:39:50 2001 *************** *** 412,414 **** ! while( battery_watch_list ) { free_event_cmd_list(battery_watch_list->cmdlist); --- 412,414 ---- ! for( ; battery_watch_list; battery_watch_list = battery_watch_list -> next) { free_event_cmd_list(battery_watch_list->cmdlist);
>Release-Note:
>Audit-Trail:
>Unformatted:
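Review bot: The diff is generated in the reverse direction. The `***` (old) side is apmd.c dated Sep 17 and carries the `while( battery_watch_list ) {` line, while the `---` (new) side is apmd.c.ori dated Aug 20 and carries the `for` loop that advances through `battery_watch_list -> next`. Applied as posted, it would put back the double advancement that the description names as the cause. Please regenerate it as `diff -c apmd.c.ori apmd.c`, or note that it has to be applied with `patch -R`. The three lines of context at 412-414 also end before the rest of the loop body, so the hunk does not show where the list pointer is advanced or where the node is freed. Widening the context to cover the whole loop would let a reader confirm that the `while` form advances exactly once per node and reads the next pointer before the node is freed.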