The cleanup code at the end of nameif would free the ch pointer, and then dereference it to obtain ch->next. This causes glibc to detect either 'invalid pointer' or 'double-free or corruption' problems.
The problem arises for example when using nameif with an /etc/mactab file containing two entries: one with an existing MAC-address and one with a non-existing MAC address. Signed-off-by: Thomas De Schampheleire <[email protected]> diff --git a/networking/nameif.c b/networking/nameif.c --- a/networking/nameif.c +++ b/networking/nameif.c @@ -315,8 +315,11 @@ int nameif_main(int argc UNUSED_PARAM, c delete_eth_table(ch); } if (ENABLE_FEATURE_CLEAN_UP) { - for (ch = clist; ch; ch = ch->next) + ethtable_t *next = NULL; + for (ch = clist; ch; ch = next) { + next = ch->next; delete_eth_table(ch); + } config_close(parser); }; _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
