#176 Double free error in Stage, different solution

closed-out-of-date
None
5
2007-09-11
2006-03-30
No

I've found it in Stage-2.0.0a after installing it on FC5.
The data pointed to by the va->data pointer is freed the
wrong way, causing free() to fail since it takes the wrong
address (va is not valid after the g_list_remove call!!!,
va->data should be stored in some helper pointer!). In
Stage-2.0.1 this bug is fixed by... remarking the free()
call that causes the failure. But who's freeing this
data?! In my opinion, my solution is better.
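
The ordering problem described in the report, as an added example that is not part of the original report and not Stage's or GLib's code. It assumes `va` is a list node that the remove call frees; `node_t`, `list_prepend`, `list_remove`, `drop_entry` and `demo` are hypothetical names, and the list contents are constructed.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a list node; not Stage's or GLib's code. */
typedef struct node { void *data; struct node *next; } node_t;

static node_t *list_prepend(node_t *head, void *data) {
    node_t *n = malloc(sizeof *n);
    if (!n) abort();
    n->data = data; n->next = head;
    return n;
}

/* Like g_list_remove(): unlinks the first node holding `data` and frees
 * the node itself, but never the payload it points to. */
static node_t *list_remove(node_t *head, const void *data) {
    for (node_t **pp = &head; *pp; pp = &(*pp)->next) {
        if ((*pp)->data == data) {
            node_t *dead = *pp;
            *pp = dead->next;
            free(dead);
            break;
        }
    }
    return head;
}

/* Order described in the report (undefined behaviour, so left as a comment):
 *     head = list_remove(head, va->data);
 *     free(va->data);   // va already freed: free() may get a wrong address
 * Fixed order below: copy the payload pointer before the node goes away. */
static node_t *drop_entry(node_t *head, node_t *va) {
    void *payload = va->data;          /* helper pointer */
    head = list_remove(head, payload); /* frees va itself */
    free(payload);                     /* payload freed exactly once */
    return head;
}

/* Constructed three-entry list; drops the middle entry, returns what is left. */
int demo(void) {
    void *a = malloc(8), *b = malloc(8), *c = malloc(8);
    if (!a || !b || !c) abort();
    node_t *head = list_prepend(list_prepend(list_prepend(NULL, a), b), c);
    head = drop_entry(head, head->next);            /* head->next holds b */
    int ok = head->data == c && head->next->data == a && !head->next->next;
    while (head) head = drop_entry(head, head);     /* release the rest */
    return ok ? 2 : -1;
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Building this with `-fsanitize=address`, or running it under Valgrind, confirms that each payload is released exactly once and nothing is left allocated.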

Discussion

  • Paul Osmialowski

    Logged In: YES
    user_id=1245830

    Looks like I've uploaded the wrong patch; now it should be good.

     
  • Paul Osmialowski

    stage-2.0.0a/src/model.c

     
  • Brian Gerkey

    Brian Gerkey - 2006-03-30
    • assigned_to: nobody --> rtv
     
  • Richard Vaughan

    Richard Vaughan - 2007-09-11

    Logged In: YES
    user_id=139639
    Originator: NO

    This code has been reimplemented, so the patch no longer applies. There may still be a memory leak - should show up with some Valgrind work, in which case I'll fix it. Thanks for your effort, though.

     
  • Richard Vaughan

    Richard Vaughan - 2007-09-11
    • status: open --> closed-out-of-date
     
