Mon, 16 Jul 2018 at 08:02 Willy Tarreau <w...@1wt.eu> wrote:
> This one looks a bit strange. I looked at it a little bit and it corresponds
> to the line "free(bind_conf->keys_ref->tlskeys);". Unfortunately, there is no
> other line in the code appearing to perform a free on this element, and when
> passing through this code the key_ref is destroyed and properly nulled. I
> checked if it was possible for this element not to be allocated and I don't
> see how that could happen either. Thus I'm seeing only three possibilities :
>
>   - this element was duplicated and appears at multiple places (multiple list
>     elements) leading to a real double free
>
>   - there is a memory corruption somewhere possibly resulting in this element
>     being corrupted and not in fact victim of a double free
>
>   - I can't read code and there is another free that I failed to detect.
>
> Are you able to trigger this on a trivial config ? Maybe it only happens
> when certain features you have in your config are enabled ?

I've reported this some time ago :)
https://www.mail-archive.com/haproxy@formilux.org/msg30093.html

-- 
Janusz Dziemidowicz
