silc-client-1.1.4 memory corruption
Pekka Riikonen
priikone at iki.fi
Sat Apr 5 13:12:11 CEST 2008
:
: Running with efence, I got segfault. Using free()d memory.
:
: #0 0x0000555555637dd8 in silc_client_command_call (client=0x2b7484245fc8,
: conn=0x2b749dac4f70, command_line=0x2b75291f6fe4 "JOIN ipv4 -founder -auth")
: at command.c:495
: #1 0x00005555555da4af in silc_queue_command_call (client=0x2b7484245fc8,
: conn=0x2b749dac4f70, command_line=0x2b75291f6fe4 "JOIN ipv4 -founder -auth")
: at silc-cmdqueue.c:129
:
This is because the previous line
silc_fsm_start_sync(&cmd->thread, command->command);
not only executes the command but finishes the command too by the time the
function returns. Two fixes possible: don't access cmd->cmd_ident but
save cmd_ident to temp variable or use silc_fsm_start which is not
synchronous.
The first reported crash seems not to be related to this. It appears to be a
double free.
Pekka
___________________________________________________________________________
Pekka Riikonen | Email: priikone at iki.fi
SILC - http://silcnet.org/ | http://iki.fi/priikone/
Tel. +358 (0)40 580 6673 | Mechelingatan 15 A 15, 00100 Helsinki
PGP KeyID A924ED4F: http://iki.fi/~priikone/pubkey.asc
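An added example, not from the SILC code base or from this thread: a reduced C model of the failure described in the reply and of both suggested fixes. All names here (client_command_t, fsm_start_sync, fsm_start, command_finish, the quarantine) are constructed stand-ins for the SILC functions named above. The quarantine that poisons a finished command instead of handing it back to the allocator is an assumption for this example, chosen so that the stale read returns a recognisable value instead of undefined behaviour, much as Electric Fence makes the real read fault.

```c
/* Reduced model of "read cmd->cmd_ident after a synchronous start freed cmd".
   Constructed example; not SILC code. */
#include <stdint.h>
#include <stdlib.h>

#define IDENT_POISON 0xffffu   /* what a freed ident reads as in this model */

typedef struct client_command {
    uint16_t cmd_ident;   /* the field the crashing code read after the free */
    int finished;
} client_command_t;

/* Quarantine instead of an immediate free(): the object is poisoned and kept
   until flushed, so a stale read is visible rather than undefined. */
#define QUEUE_MAX 8
static client_command_t *quarantine[QUEUE_MAX];
static int quarantine_len;

static void command_free(client_command_t *cmd) {
    cmd->cmd_ident = IDENT_POISON;
    cmd->finished = -1;
    if (quarantine_len < QUEUE_MAX) quarantine[quarantine_len++] = cmd;
    else free(cmd);
}

static void quarantine_flush(void) {
    while (quarantine_len > 0) free(quarantine[--quarantine_len]);
}

/* Completion path of a command: in the reported bug this frees the command. */
static void command_finish(client_command_t *cmd) {
    cmd->finished = 1;
    command_free(cmd);
}

/* Model of silc_fsm_start_sync: runs the command to completion before
   returning, so the object is already gone when the caller resumes. */
static void fsm_start_sync(client_command_t *cmd) { command_finish(cmd); }

/* Model of silc_fsm_start: only enqueues; the command runs later. */
static client_command_t *run_queue[QUEUE_MAX];
static int run_queue_len;
static void fsm_start(client_command_t *cmd) {
    if (run_queue_len < QUEUE_MAX) run_queue[run_queue_len++] = cmd;
}
static void run_pending_commands(void) {
    for (int i = 0; i < run_queue_len; i++) command_finish(run_queue[i]);
    run_queue_len = 0;
}

/* Shape of the bug: cmd is dereferenced after the synchronous start. */
static unsigned command_call_buggy(client_command_t *cmd) {
    fsm_start_sync(cmd);
    return cmd->cmd_ident;          /* reads freed (here: poisoned) memory */
}

/* Fix 1: copy the ident first; cmd is never touched after the call. */
static unsigned command_call_fixed_copy(client_command_t *cmd) {
    uint16_t ident = cmd->cmd_ident;
    fsm_start_sync(cmd);
    return ident;
}

/* Fix 2: asynchronous start; the command cannot have completed yet. */
static unsigned command_call_fixed_async(client_command_t *cmd) {
    fsm_start(cmd);
    return cmd->cmd_ident;          /* still alive: nothing has run */
}

static client_command_t *new_command(uint16_t ident) {
    client_command_t *cmd = calloc(1, sizeof *cmd);
    if (cmd) cmd->cmd_ident = ident;
    return cmd;
}

/* Drive each variant with a constructed command (ident 42) and return
   the ident value the caller observed. */
unsigned demo_buggy(void) {
    client_command_t *cmd = new_command(42);
    unsigned seen = cmd ? command_call_buggy(cmd) : 0;
    quarantine_flush();
    return seen;                    /* 0xffff: the poisoned, freed object */
}
unsigned demo_fixed_copy(void) {
    client_command_t *cmd = new_command(42);
    unsigned seen = cmd ? command_call_fixed_copy(cmd) : 0;
    quarantine_flush();
    return seen;                    /* 42 */
}
unsigned demo_fixed_async(void) {
    client_command_t *cmd = new_command(42);
    unsigned seen = cmd ? command_call_fixed_async(cmd) : 0;
    run_pending_commands();         /* now the command completes and is freed */
    quarantine_flush();
    return seen;                    /* 42 */
}
```

The buggy variant returns the poison value because the synchronous start ran the command's completion path, which released the object, before control came back to the line that reads it. Copying the ident into a local before the call, or starting the command asynchronously so that nothing can complete before the read, both keep the read on a live object.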