Bug#256954: frees wrong memory
Package: cdebconf
Version: 0.65
Severity: serious
Tags: patch
The first time ethdetect calls db_unregister, the read command
fails. This prevents it from reading parameters, which prevents
it from loading the ne module, which prevents the network from
working, which prevents the installation from succeeding.
I think the read fails because the other end of the pipe closes
because cdebconf crashes because of a bug in
question_owner_delete: if the owner that it is trying to delete is
not last one in the list, it frees the owner field.
The attached, untested patch should fix it, but I'd appreciate a
review.
--
Matt Kraai kraai@ftbfs.org http://ftbfs.org/
Index: packages/cdebconf/src/question.c
===================================================================
--- packages/cdebconf/src/question.c (revision 17219)
+++ packages/cdebconf/src/question.c (working copy)
@@ -122,25 +122,22 @@
void question_owner_delete(struct question *q, const char *owner)
{
- struct questionowner **ownerp, *nextp;
+ struct questionowner **ownerp;
- for (ownerp = &q->owners; *ownerp != 0; ownerp = &(*ownerp)->next)
+ for (ownerp = &q->owners; *ownerp != 0;)
{
if (strcmp((*ownerp)->owner, owner) == 0)
{
- nextp = (*ownerp)->next;
- if (nextp == 0)
- {
- nextp = *ownerp;
- *ownerp = 0;
- }
- else
- {
- **ownerp = *nextp;
- }
- DELETE(nextp->owner);
- DELETE(nextp);
+ struct questionowner *currentp = *ownerp;
+
+ *ownerp = currentp->next;
+ DELETE(currentp->owner);
+ DELETE(currentp);
}
+ else
+ {
+ ownerp = &(*ownerp)->next;
+ }
}
}
Reply to: