#1793 potential double free() in oa_soap_event_thread()
There is a potential double free going on in this function (should listen_for_events not be == to SAHPI_TRUE). Let's make it more robust:
diff --git a/openhpi/trunk/plugins/oa_soap/oa_soap_event.c b/openhpi/trunk/plugins/oa_soap/oa_soap_event.c
index 986b6e8..2d2947b 100644
--- a/openhpi/trunk/plugins/oa_soap/oa_soap_event.c
+++ b/openhpi/trunk/plugins/oa_soap/oa_soap_event.c
@@ -223,6 +223,7 @@ gpointer oa_soap_event_thread(gpointer oa_pointer)
sleep(2);
}
free(url);
+ url = NULL;
/* Intialize the event request structure */
request.pid = oa->event_pid;
@@ -304,7 +305,7 @@ oa->event_con2 failed\n");
} /* end of else (SOAP call failure handling) */
} /* end of 'while(listen_for_events == SAHPI_TRUE)' loop */
- free(url);
+ if (url != NULL) free(url);
return (gpointer *) SA_OK;
}
url needs to be set to NULL after free.
Thanks for filing the this bug,
Below check is not necessary to free url.
- free(url);
+ if (url != NULL) free(url);
The final patch look like below,
Index: plugins/oa_soap/oa_soap_event.c
--- plugins/oa_soap/oa_soap_event.c (revision 7539)
+++ plugins/oa_soap/oa_soap_event.c (working copy)
@@ -223,6 +223,7 @@
sleep(2);
}
free(url);
+ url = NULL;
/* Intialize the event request structure */
request.pid = oa->event_pid;
Fixed in trunk revision #7540.