From 33fc1737d5978fd2923d00c4b34b8fa1995b2c62 Mon Sep 17 00:00:00 2001
From: vraatikka
Date: Thu, 12 Sep 2013 10:00:55 +0300
Subject: [PATCH] One uninitialized read in dcb_set_state_nomutex. One read of freed memory in dcb_process_zombies. The former may have affected on the program behavior. The latter left in many cases fds open and dcbs not freed for real.
---
 server/core/dcb.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/server/core/dcb.c b/server/core/dcb.c
index c42032cae..916d19f1f 100644
--- a/server/core/dcb.c
+++ b/server/core/dcb.c
@@ -384,6 +384,7 @@ bool succp = false;
 dcb = dcb_list;
 while (dcb != NULL) {
+ DCB* dcb_next = NULL;
 /**
 * Close file descriptor and move to clean-up phase.
 */
@@ -391,8 +392,9 @@ bool succp = false;
 ss_debug(dcb->fd = 0;)
 succp = dcb_set_state(dcb, DCB_STATE_DISCONNECTED, NULL);
 ss_dassert(succp);
+ dcb_next = dcb->memdata.next;
 dcb_final_free(dcb);
- dcb = dcb->memdata.next;
+ dcb = dcb_next;
 }
 }
@@ -982,7 +984,7 @@ static bool dcb_set_state_nomutex(
 const dcb_state_t new_state,
 dcb_state_t* old_state)
 {
- bool succp;
+ bool succp = false;
 dcb_state_t state = DCB_STATE_UNDEFINED;
 CHK_DCB(dcb);
@@ -1016,7 +1018,6 @@ static bool dcb_set_state_nomutex(
 case DCB_STATE_POLLING:
 switch(new_state) {
 case DCB_STATE_NOPOLLING:
- case DCB_STATE_LISTENING:
 dcb->state = new_state;
 succp = true;
 break;
@@ -1028,7 +1029,7 @@ static bool dcb_set_state_nomutex(
 case DCB_STATE_LISTENING:
 switch(new_state) {
- case DCB_STATE_POLLING:
+ case DCB_STATE_NOPOLLING:
 dcb->state = new_state;
 succp = true;
 break;
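Review bot: `dcb_next` is declared with a placeholder `= NULL` at the top of the loop body in this hunk and only assigned in the next hunk, on the line before `dcb_final_free(dcb)`; declaring it at first use keeps the read-before-free ordering visible and drops the dummy initializer, e.g. `DCB* dcb_next = dcb->memdata.next;` right after `ss_dassert(succp);`, with `dcb = dcb_next;` unchanged. That line also deserves a why-comment, since the ordering is the whole fix: `/* Read the link before freeing: dcb is invalid after dcb_final_free(). */`. Separately, the `succp` returned by `dcb_set_state()` is only checked by `ss_dassert`, so in a build where that macro compiles away a rejected transition still falls through to `dcb_final_free(dcb)`; whether that is acceptable depends on which states a zombie can be in, which is not visible here. The enclosing loop and function (dcb_process_zombies, per the commit message) begin outside the hunk.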
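Review bot: The new `bool succp = false;` would benefit from a comment stating that the default is rejection, because the nested switches that set it to `true` are far below and, per the later hunks, only cover explicitly permitted state pairs: `/* Default to rejecting the transition; only the listed state pairs set succp = true. */`. The function body continues past the hunk, so not every path can be confirmed to assign it here, which is exactly why the initializer matters. The fact that the old declaration left the flag indeterminate on unmatched transitions is the uninitialized read the commit message refers to.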
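Review bot: After this hunk and the next one, the `DCB_STATE_POLLING` and `DCB_STATE_LISTENING` outer cases both accept only `DCB_STATE_NOPOLLING` in the visible part of their inner switch; if the remainder of the two inner switches (outside the hunks) is identical as well, the two outer labels could share one body so the two tables cannot drift apart again. Either way the allowed-transition graph currently exists only as nested `switch` statements, so a comment above the outer switch (presumably on `dcb->state`) listing the permitted transitions would make the next change reviewable, e.g. `/* Allowed transitions (mirrors the cases below): POLLING -> NOPOLLING, LISTENING -> NOPOLLING, ... */` completed from the full table. The outer switch starts and ends outside both hunks.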