Double clean up leads to accessing invalid memory
Bug #1126601 reported by
Martin C. Martin
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libmemcached |
Fix Released
|
Medium
|
Brian Aker | ||
Bug Description
From get.cc around line 560:
if (memcached_
{
rc= MEMCACHED_
}
if (memcached_
{
rc= MEMCACHED_
}
If both memcached_io_writes fail, we call the reset functions twice, and the second resets result in invalid accesses, according to valgrind. I think we even got a crash later.
Related branches
lp:~tangent-org/libmemcached/1.0-build
- Tangent Trunk: Pending requested
-
Diff: 287 lines (+48/-50)10 files modifiedexample/include.am (+1/-1)
libmemcached/common.h (+8/-1)
libmemcached/connect.cc (+3/-10)
libmemcached/connect.hpp (+0/-2)
libmemcached/get.cc (+2/-2)
libmemcached/instance.cc (+0/-5)
libmemcached/stats.cc (+2/-2)
libmemcached/string.cc (+13/-8)
libmemcached/version.cc (+15/-15)
libtest/comparison.hpp (+4/-4)
Revision history for this message
| Martin C. Martin (martin-b69y0hv8h) wrote | #1 |
| Changed in libmemcached: | |
| milestone: | none → 1.0.17 |
| assignee: | nobody → Brian Aker (brianaker) |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in libmemcached: | |
| status: | In Progress → Fix Committed |
| Changed in libmemcached: | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Hassan El Jacifi (waver) wrote | #2 |
To post a comment you must log in.
BTW, suggested fix is to add an "else" before the second "if".