[Vortex] Bug: double free of vortex_ctx
Francis Brosnan Blazquez
francis at aspl.es
Tue Jan 15 13:43:05 CET 2008
Hi Jens,
> There seems to be a bug in vortex.c that causes the vortex_ctx to be
> freed twice if vortex_dtds_init fails. I discovered this due to a
> double-free warning from malloc. The sequence of events is:
>
> - vortex_init calls vortex_init_ctx
> - vortex_init_ctx calls vortex_dtds_init
> - that function returns false
> - so vortex_init_ctx calls vortex_ctx_free (vortex.c:899) and
> returns
> false
> - vortex_init calls vortex_ctx_free again (vortex.c:793)
You are right, there is a double free bug on dtd loading failure...
> My guess is that the line vortex.c:899 should be deleted, because
> there are other paths out of that function that return false but do
> not free the context.
Yes, that line must be deleted because vortex_init_ctx should call to
free the context received.
I've updated the file to avoid doing so. Thanks for reporting Jens!
> (The line numbers are from SVN rev 3194.)
>
> --Jens
--
Francis Brosnan Blazquez <francis at aspl.es>
Advanced Software Production Line, S.L.
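The ownership mistake Jens describes, reduced to a self-contained example (added here; this is not Vortex's code and the names `ctx_new`, `ctx_free`, `dtds_init`, `init_ctx_buggy`, `init_ctx_fixed` and `init` are hypothetical stand-ins for the functions named in the thread). The callee that frees a context it did not allocate is shown beside the corrected one, and a bookkeeping `ctx_free` counts the second free instead of corrupting the heap, which is the check a unit test or an instrumented allocator would make:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names modelled on the thread: a context and an init path
 * whose sub-initialiser (the dtds loader) can fail. Not Vortex's own code. */
typedef struct {
    bool live;          /* is this context currently allocated? */
    int  dtds_loaded;
} ctx_t;

static ctx_t ctx_pool;       /* one static slot stands in for malloc */
static int   free_calls;     /* how many times ctx_free ran */
static int   double_frees;   /* frees of an already-freed context */

static ctx_t *ctx_new(void)
{
    ctx_pool.live = true;
    ctx_pool.dtds_loaded = 0;
    return &ctx_pool;
}

static void ctx_free(ctx_t *ctx)
{
    free_calls++;
    if (!ctx->live)          /* the condition malloc warned about */
        double_frees++;
    ctx->live = false;
}

/* Stand-in for the dtd loader: succeeds or fails as directed. */
static bool dtds_init(ctx_t *ctx, bool succeed)
{
    if (!succeed)
        return false;
    ctx->dtds_loaded = 1;
    return true;
}

/* Buggy callee: frees a context it does not own (the reported line). */
static bool init_ctx_buggy(ctx_t *ctx, bool dtds_ok)
{
    if (!dtds_init(ctx, dtds_ok)) {
        ctx_free(ctx);       /* wrong: the caller frees it again */
        return false;
    }
    return true;
}

/* Fixed callee: report failure and leave ownership with the caller. */
static bool init_ctx_fixed(ctx_t *ctx, bool dtds_ok)
{
    return dtds_init(ctx, dtds_ok);
}

/* Caller: it allocated ctx, so it is the one that frees on failure. */
static bool init(bool (*init_ctx)(ctx_t *, bool), bool dtds_ok)
{
    ctx_t *ctx = ctx_new();
    if (!init_ctx(ctx, dtds_ok)) {
        ctx_free(ctx);       /* the second free in the buggy variant */
        return false;
    }
    return true;             /* on success the context stays alive */
}

/* Run one scenario and return how many double frees it produced. */
int run_scenario(bool fixed, bool dtds_ok)
{
    free_calls = 0;
    double_frees = 0;
    init(fixed ? init_ctx_fixed : init_ctx_buggy, dtds_ok);
    return double_frees;
}

/* Total ctx_free calls made by the most recent run_scenario(). */
int frees_in_last_run(void)
{
    return free_calls;
}

int main(void)
{
    printf("buggy, dtds fail: double frees = %d\n", run_scenario(false, false));
    printf("fixed, dtds fail: double frees = %d\n", run_scenario(true, false));
    return 0;
}
```

The rule the fix encodes is the one Francis states: a function that receives a context it did not allocate reports failure and lets the allocating caller clean up, so there is exactly one free on every error path.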