Double clean up leads to accessing invalid memory
Bug #1126601 reported by Martin C. Martin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libmemcached | Fix Released | Medium | Brian Aker |
Bug Description
From get.cc around line 560:
if (memcached_
{
rc= MEMCACHED_
}
if (memcached_
{
rc= MEMCACHED_
}
If both memcached_io_writes fail, we call the reset functions twice, and the second resets result in invalid accesses, according to valgrind. I think we even got a crash later.
Related branches
lp:~tangent-org/libmemcached/1.0-build
- Tangent Trunk: Pending requested
Diff: 287 lines (+48/-50), 10 files modified
example/include.am (+1/-1)
libmemcached/common.h (+8/-1)
libmemcached/connect.cc (+3/-10)
libmemcached/connect.hpp (+0/-2)
libmemcached/get.cc (+2/-2)
libmemcached/instance.cc (+0/-5)
libmemcached/stats.cc (+2/-2)
libmemcached/string.cc (+13/-8)
libmemcached/version.cc (+15/-15)
libtest/comparison.hpp (+4/-4)
Changed in libmemcached:
milestone: none → 1.0.17
assignee: nobody → Brian Aker (brianaker)
importance: Undecided → Medium
status: New → In Progress
Changed in libmemcached:
status: In Progress → Fix Committed
Changed in libmemcached:
status: Fix Committed → Fix Released
BTW, suggested fix is to add an "else" before the second "if".
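
The pattern reported above, and the suggested "else" fix, as an added example that is not libmemcached's code. `struct conn`, `io_write` and `io_reset` are hypothetical stand-ins; the model counts a cleanup that runs on an already-reset connection instead of touching freed memory, so it is safe to run.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a server connection (not libmemcached's type). */
struct conn {
    char *buf;        /* heap buffer owned by the connection */
    bool open;        /* false once cleanup has run */
    int stale_resets; /* cleanups that ran on an already-reset connection */
};

/* Constructed write stub: always fails, like a write to a dead socket. */
static bool io_write(struct conn *c, const char *data) {
    (void)c; (void)data;
    return false;
}

/* Error-path cleanup. Real code would dereference freed state on the
 * second call; this model records that case instead of doing it. */
static void io_reset(struct conn *c) {
    if (!c->open) { c->stale_resets++; return; }
    free(c->buf);
    c->buf = NULL;
    c->open = false;
}

/* Shape from the report: two independent ifs, each with its own cleanup. */
static int send_buggy(struct conn *c) {
    int rc = 0;
    if (!io_write(c, "get ")) { io_reset(c); rc = -1; }
    if (!io_write(c, "key\r\n")) { io_reset(c); rc = -1; }
    return rc;
}

/* Suggested fix: "else" skips the second write once cleanup has run. */
static int send_fixed(struct conn *c) {
    int rc = 0;
    if (!io_write(c, "get ")) { io_reset(c); rc = -1; }
    else if (!io_write(c, "key\r\n")) { io_reset(c); rc = -1; }
    return rc;
}

/* Run one variant on a fresh connection and report stale cleanups. */
static int stale_resets_after(int (*fn)(struct conn *)) {
    struct conn c = { malloc(64), true, 0 };
    fn(&c);
    free(c.buf); /* NULL after a reset, so this is a no-op on failure */
    return c.stale_resets;
}

int main(void) {
    printf("buggy: %d stale reset(s)\n", stale_resets_after(send_buggy));
    printf("fixed: %d stale reset(s)\n", stale_resets_after(send_fixed));
    return 0;
}
```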