[Vortex] Bug: double free of vortex_ctx
Jens Alfke
Jens at Mooseyard.com
Tue Jan 15 01:03:52 CET 2008
There seems to be a bug in vortex.c that causes the vortex_ctx to be
freed twice if vortex_dtds_init fails. I discovered this due to a
double-free warning from malloc. The sequence of events is:
- vortex_init calls vortex_init_ctx
- vortex_init_ctx calls vortex_dtds_init
- that function returns false
- so vortex_init_ctx calls vortex_ctx_free (vortex.c:899) and returns
false
- vortex_init calls vortex_ctx_free again (vortex.c:793)
My guess is that the line vortex.c:899 should be deleted, because
there are other paths out of that function that return false but do
not free the context.
(The line numbers are from SVN rev 3194.)
--Jens
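
The call sequence in the report above, as an added example that is not part of the original post and is not Vortex source code. It is a constructed C model in which every name (`model_ctx`, `model_ctx_release`, `init_ctx_callee_frees`, `init_ctx_caller_owns`, `outer_init`) is hypothetical, and it counts releases instead of calling `free()`, so the duplicate release can be observed without corrupting the heap.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the reported pattern; all names are hypothetical. */
typedef struct { bool live; int releases; } model_ctx;

/* Stand-in for the context destructor: records each call instead of calling
 * free(), so a second release shows up as a count rather than heap damage. */
static void model_ctx_release(model_ctx *ctx) {
    ctx->releases++;
    ctx->live = false;
}

/* Stand-in for the initialization step that can fail. */
static bool model_dtds_init(model_ctx *ctx, bool fail) {
    (void)ctx;
    return !fail;
}

/* Reported pattern: the inner initializer releases the context on this one
 * failure path, although its caller also releases on any failure. */
static bool init_ctx_callee_frees(model_ctx *ctx, bool fail) {
    if (!model_dtds_init(ctx, fail)) {
        model_ctx_release(ctx);
        return false;
    }
    return true;
}

/* Suggested pattern: the inner initializer only reports failure, so every
 * failure path leaves ownership of the context with the caller. */
static bool init_ctx_caller_owns(model_ctx *ctx, bool fail) {
    return model_dtds_init(ctx, fail);
}

/* Outer initializer: releases the context whenever the inner one fails.
 * Returns how many times the context was released. */
static int outer_init(bool (*inner)(model_ctx *, bool), bool fail) {
    model_ctx ctx = { true, 0 };
    if (!inner(&ctx, fail))
        model_ctx_release(&ctx);
    return ctx.releases;
}

int main(void) {
    printf("callee frees on failure: %d releases\n", outer_init(init_ctx_callee_frees, true));
    printf("caller owns cleanup:     %d releases\n", outer_init(init_ctx_caller_owns, true));
    return 0;
}
```

A release count above 1 on a single failure is the double free; with real allocations the same check can be made by building with `-fsanitize=address` and forcing the failure path.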