Hi Magnus,

On Sun, Jan 25, 2026 at 11:53:08AM -0700, Nopey Nope wrote:
> Thanks for the guidance, Rodrigo!
>
> Had a better idea on how to fix the socketdata use-after-free; new
> attached patch 0002 fixes the bug by only freeing the queued sockdata
> if it's exclusively owned by the server queue.
>
> I've added information in the commit summaries as suggested.
>
> I also added an assert in Http_socket_enqueue, which makes explicit
> the precondition that socketdata can only be queued to one server at a
> time.
> This assert has not tripped, and hopefully never will; I thought it
> helped illustrate the relation between servers and socketdatas.

Thanks a lot! They both look good.

I'll leave the assert in Http_socket_enqueue but remove the message string, as it causes a warning in gcc and I don't think it is needed for this case.

https://git.dillo-browser.org/dillo/log/?h=fix-uaf

I will test it a bit with ASan enabled and merge it if nothing breaks.

Best,
Rodrigo.