On 01/18/2012 04:01 PM, Wes Hardaker wrote:
>>>>>> On Tue, 17 Jan 2012 10:50:44 +0100, Jan Safranek <[email protected]>
>>>>>> said:
>
> JS> It's not that easy, agent_registry.c:1164 was only an example. There are
> JS> other places, where the reginfo is not freed before returning error from
> JS> this function.
>
> Ok, where are the others? We can fix them too of course.
oops, I missed that netsnmp_subtree_free() frees also its reginfo, so
the only places I can find are line 1219:
if (sub2 == NULL) {
unregister_mib_context(mibloc, mibloclen, priority,
range_subid, range_ubound, context);
netsnmp_set_lookup_cache_size(old_lookup_cache_val);
invalidate_lookup_cache(context);
return MIB_REGISTRATION_FAILED;
}
Will unregister_mib_context() free subtree's reginfo and the subtree itself?
> The documentation has still clearly stated that it'll be freed, which
> makes this:
>
> JS> In addition, Coverity tells me that there some callers use reginfo when
> JS> netsnmp_register_mib() fails (-> sigsegv), again, one example for all:
> JS> hrSWInstalledTable.c:143: freed_arg: "netsnmp_register_table" frees "reg".
> JS> hrSWInstalledTable.c:167: double_free: Calling
> JS> "netsnmp_handler_registration_free" frees pointer "reg" which has
> JS> already been freed.
>
> clearly a mistake.
Ok, I'll try to fix as much as possible.
Jan
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
