Package: tcpick / 0.2.1-7

fix-double-free-error.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
Description: Fix double-free error
 tcpick try to free twice the pointer to the filename it uses to write
 the data. This patches fixes that.
Author: Cedric Delfosse <cedric@debian.org>
Bug-Debian: http://bugs.debian.org/319864
Last-Update: 2005-07-26
Origin: vendor, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319864#19

--- a/src/tracker.c
+++ b/src/tracker.c
@@ -99,8 +99,9 @@ int rmconn( struct CONN * prev_ring )
 	if( curr->next == NULL )
 		last_conn = prev_ring;
 	
-	free_desc( &(curr->client) );
-	free_desc( &(curr->server) );
+	free_desc( &(curr->client), 1);
+	if (flags.writer.type == UNIQUE) free_desc( &(curr->server), 0);
+	else free_desc( &(curr->server), 1);
 	S_free( curr );
 
 	conn = first_conn;
@@ -124,7 +125,7 @@ int rmconn( struct CONN * prev_ring )
 		count_opened--;
 }
 
-int free_desc( struct HOST_DESC * desc )
+int free_desc( struct HOST_DESC * desc, int freedescfilename )
 /* frees the host descriptor and closes the file */
 {
 	struct FRAGMENT * tmp;
@@ -134,7 +135,7 @@ int free_desc( struct HOST_DESC * desc )
 		if (flags.writer.type == UNIQUE)
 			desc->oth->file = NULL;
 	}
-	if( desc->filename ) {
+	if( desc->filename && freedescfilename ) {
 		S_free( desc->filename );
 		desc->filename = NULL;
 	}