On 19-02-13 16:27:21, Hugues Alary wrote: > (Also, I've been looking for commit 451c5a88 and can't find it > anywhere).
See http://git.haproxy.org/?p=haproxy-1.9.git;a=commit;h=451c5a88, also attached. Cheers, Georg
From 451c5a8879a9d59b489ad5117c984044d41c8338 Mon Sep 17 00:00:00 2001 From: Willy Tarreau <[email protected]> Date: Sun, 10 Feb 2019 18:49:37 +0100 Subject: [PATCH] BUG/MAJOR: stream: avoid double free on unique_id Commit 32211a1 ("BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().") addressed a memory leak but in exchange may cause double-free due to the fact that after freeing s->unique_id it doesn't null it and then calls http_end_txn() which frees it again. Thus the process quickly crashes at runtime. This fix must be backported to all stable branches where the aforementioned patch was backported. (cherry picked from commit 09c4bab41188c13e7a9227f8baaff230ebdd0875) Signed-off-by: Willy Tarreau <[email protected]> --- src/stream.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/stream.c b/src/stream.c index a96ddcb..df778b1 100644 --- a/src/stream.c +++ b/src/stream.c @@ -387,6 +387,7 @@ static void stream_free(struct stream *s) } pool_free(pool_head_uniqueid, s->unique_id); + s->unique_id = NULL; hlua_ctx_destroy(s->hlua); s->hlua = NULL; -- 1.7.10.4
signature.asc
Description: Digital signature
