Using one of my favourite tools, valgrind, I found a double free in the use
of the dict structure. See attached patch against CVS.
The double free occurs because the dict data destroy function is called on
the boxc_id pointer when the dict structures are destroyed during shutdown
in:
gw/bb_boxc.c
smsboxc_run()
by dict_destroy
It's only a very minor memory handling _problem_.
Cheers,
Ben.
--
Benjamin Lee
Melbourne, Australia "Always real." http://www.realthought.net/
__________________________________________________________________________
Computers are unreliable, but humans are even more unreliable.
Any system which depends on human reliability is unreliable.
-- Gilb
Index: gw/bb_boxc.c
===================================================================
RCS file: /home/cvs/gateway/gw/bb_boxc.c,v
retrieving revision 1.74
diff -u -r1.74 bb_boxc.c
--- gw/bb_boxc.c 17 Dec 2003 16:34:26 -0000 1.74
+++ gw/bb_boxc.c 23 Jan 2004 12:28:36 -0000
@@ -998,7 +998,7 @@
debug("bb.boxc",0,"Adding smsbox routing to id <%s> for smsc id <%s>",
octstr_get_cstr(boxc_id), octstr_get_cstr(item));
- dict_put(smsbox_by_smsc, item, boxc_id);
+ dict_put(smsbox_by_smsc, item, octstr_duplicate(boxc_id));
}
list_destroy(items, octstr_destroy_item);
octstr_destroy(smsc_ids);
@@ -1013,11 +1013,12 @@
debug("bb.boxc",0,"Adding smsbox routing to id <%s> for receiver no
<%s>",
octstr_get_cstr(boxc_id), octstr_get_cstr(item));
- dict_put(smsbox_by_receiver, item, boxc_id);
+ dict_put(smsbox_by_receiver, item, octstr_duplicate(boxc_id));
}
list_destroy(items, octstr_destroy_item);
octstr_destroy(shortcuts);
}
+ octstr_destroy(boxc_id);
}
list_destroy(list, NULL);
