URL:
<http://savannah.gnu.org/bugs/?25915>
Summary: Segfault in -[NSNotificationQueue dealloc]
Project: GNUstep
Submitted by: lcampbel
Submitted on: Wed 18 Mar 2009 02:56:06 PM GMT
Category: Base/Foundation
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
-[NSNotificationQueue dealloc] traverses a linked list of
NSNotificationQueueRegistration objects, deleting each object from the queue,
but makes the classic mistake of dereferencing the link to the next object
_after_ the object has been freed.
Here's the fix:
--- NSNotificationQueue.m.orig 2008-06-09 00:05:01.000000000 -0400
+++ NSNotificationQueue.m 2009-03-18 10:51:55.000000000 -0400
@@ -353,6 +353,7 @@
- (void) dealloc
{
NSNotificationQueueRegistration *item;
+ NSNotificationQueueRegistration *prev;
/*
* remove from class instances list
@@ -362,14 +363,16 @@
/*
* release self from queues
*/
- for (item = _asapQueue->head; item; item=item->prev)
+ for (item = _asapQueue->head; item; item=prev)
{
+ prev = item->prev;
remove_from_queue(_asapQueue, item, _zone);
}
NSZoneFree(_zone, _asapQueue);
- for (item = _idleQueue->head; item; item=item->prev)
+ for (item = _idleQueue->head; item; item=prev)
{
+ prev = item->prev;
remove_from_queue(_idleQueue, item, _zone);
}
NSZoneFree(_zone, _idleQueue);
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?25915>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-gnustep mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-gnustep
