improxy icon indicating copy to clipboard operation
improxy copied to clipboard

Published 20 hours ago verified publisher icon haibbo

access to a memory that has been free

Open githubfean opened this issue 11 years ago • 0 comments

Dear author: I would like to report a problem (bug).

at source_timer_handler() in data.c, the code segment could have crash risk.

The imp_group_cleanup(p_gp) will free (p_gp) at end of that function. After return, the last line "imp_membership_db_update(&p_gp->group_addr);"

reference it again. But p_gp is freed. So, that could have problem with some compiler or system..

if(p_gp->type == GROUP_INCLUDE && imp_source_exist_allow(p_gp) == 0){

    /* If there are no more source records for the group, delete group record.
     * rfc 3376 [6.3]
     */
    imp_group_cleanup(p_gp);
}
imp_membership_db_update(&p_gp->group_addr);

githubfean avatar Aug 28 '14 10:08 githubfean