]> granicus.if.org Git - libevent/commit
projects / libevent / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5830e33) | patch
evdns: avoid double-free in evdns_base_free() for probing requests
authorAzat Khuzhin <a3at.mail@gmail.com>
Thu, 24 Mar 2016 09:49:47 +0000 (12:49 +0300)
committerAzat Khuzhin <a3at.mail@gmail.com>
Thu, 24 Mar 2016 11:09:04 +0000 (14:09 +0300)
commit4db15e09a9579a5d1df7748900fdb00f01a2fbe4
treeee6f423dc5a242dab0db78a8bc52aea8dfb78419tree | snapshot
parent5830e331e17dc16dfa191484561f5b3abf1d55bacommit | diff
evdns: avoid double-free in evdns_base_free() for probing requests

http/cancel_by_host_no_ns:
    OK ../test/regress_http.c:1384: assert(regress_dnsserver(data->base, &portnum, search_table))
    OK ../test/regress_http.c:1387: assert(dns_base)
    OK ../test/regress_http.c:1423: assert(evcon)
         OK ../test/regress_http.c:1444: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/delay") != -1): 0 vs -1
         OK ../test/regress_http.c:1455: assert(test_ok == 2): 2 vs 2
         OK ../test/regress_http.c:1480: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/test") != -1): 0 vs -1[msg] Nameserver 127.0.0.1:55948 has failed: request timed out.
[msg] All nameservers have failed

    OK ../test/regress_http.c:1274: assert(!req)
         OK ../test/regress_http.c:1505: assert(evhttp_make_request(evcon, req, EVHTTP_REQ_GET, "/test") != -1): 0 vs -1
    OK ../test/regress_http.c:1274: assert(!req)==19199== Invalid read of size 8
==19199==    at 0x4CC285: evdns_cancel_request (evdns.c:2849)
==19199==    by 0x4CEDB2: evdns_nameserver_free (evdns.c:4018)
==19199==    by 0x4CEF5B: evdns_base_free_and_unlock (evdns.c:4052)
==19199==    by 0x4CF13B: evdns_base_free (evdns.c:4088)
==19199==    by 0x4617A3: http_cancel_test (regress_http.c:1518)
==19199==    by 0x490A78: testcase_run_bare_ (tinytest.c:105)
==19199==    by 0x490D5A: testcase_run_one (tinytest.c:252)
==19199==    by 0x491699: tinytest_main (tinytest.c:434)
==19199==    by 0x47E0E0: main (regress_main.c:461)
==19199==  Address 0x61e56d0 is 0 bytes inside a block of size 48 free'd
==19199==    at 0x4C2AE6B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19199==    by 0x4AAFFF: event_mm_free_ (event.c:3516)
==19199==    by 0x4C5ADD: request_finished (evdns.c:693)
==19199==    by 0x4CEE95: evdns_base_free_and_unlock (evdns.c:4040)
==19199==    by 0x4CF13B: evdns_base_free (evdns.c:4088)
==19199==    by 0x4617A3: http_cancel_test (regress_http.c:1518)
==19199==    by 0x490A78: testcase_run_bare_ (tinytest.c:105)
==19199==    by 0x490D5A: testcase_run_one (tinytest.c:252)
==19199==    by 0x491699: tinytest_main (tinytest.c:434)
==19199==    by 0x47E0E0: main (regress_main.c:461)
==19199==  Block was alloc'd at
==19199==    at 0x4C2BBD5: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19199==    by 0x4AAEB2: event_mm_calloc_ (event.c:3459)
==19199==    by 0x4CAAA2: nameserver_send_probe (evdns.c:2327)
==19199==    by 0x4C50FF: nameserver_prod_callback (evdns.c:494)
==19199==    by 0x4A564C: event_process_active_single_queue (event.c:1646)
==19199==    by 0x4A5B95: event_process_active (event.c:1738)
==19199==    by 0x4A6296: event_base_loop (event.c:1961)
==19199==    by 0x4A5C1D: event_base_dispatch (event.c:1772)
==19199==    by 0x46172C: http_cancel_test (regress_http.c:1507)
==19199==    by 0x490A78: testcase_run_bare_ (tinytest.c:105)
==19199==    by 0x490D5A: testcase_run_one (tinytest.c:252)
==19199==    by 0x491699: tinytest_main (tinytest.c:434)
==19199==
evdns.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.