On Mon, Jul 16, 2018 at 08:32:31AM +0200, Janusz Dziemidowicz wrote:
> On Mon, 16 Jul 2018 at 08:02, Willy Tarreau <[email protected]> wrote:
> > This one looks a bit strange. I looked at it a little bit and it corresponds
> > to the line "free(bind_conf->keys_ref->tlskeys);". Unfortunately, there is no
> > other line in the code appearing to perform a free on this element, and when
> > passing through this code the key_ref is destroyed and properly nulled. I
> > checked if it was possible for this element not to be allocated and I don't
> > see how that could happen either. Thus I'm seeing only three possibilities :
> >
> >   - this element was duplicated and appears at multiple places (multiple list
> >     elements) leading to a real double free
> >
> >   - there is a memory corruption somewhere possibly resulting in this element
> >     being corrupted and not in fact victim of a double free
> >
> >   - I can't read code and there is another free that I failed to detect.
> >
> > Are you able to trigger this on a trivial config ? Maybe it only happens
> > when certain features you have in your config are enabled ?
> 
> I've reported this some time ago :)
> https://www.mail-archive.com/[email protected]/msg30093.html

Ah thank you Janusz, and I notice that your report matches Thierry's second
e-mail very closely.

I'm CCing Nenad who added the tls-ticket-keys in case he has any idea
on the subject, based on how the bind line is initialized maybe.

thanks,
Willy
