FWIW there are two locations in mem/f_malloc.c that might have problems with
`n->prev` being NULL before calling `fm_remove_free`:
- The first one is [line
353](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L353) if `n`
=== `frag`.
- The other one is the one where this issue goes through, [line
385](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L385). The
loop at [lines
332-337](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L332)
never checks `frag->prev`.
Also there are only three places were `->prev` is set to NULL:
- in
[`fm_remove_free`](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L178)
- in
[`fm_malloc_init`](https://github.com/OpenSIPS/opensips/blob/2.1/mem/f_malloc.c#L288)
for `qm->last_frag` and `qm->first_frag`.
Not sure I can help much more. :]
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/721#issuecomment-163221854
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
