Re: [Crash-utility] Error in unload_extension
----- Original Message -----
I was running valgrind to check some of my own code and then stumbled
upon the following:
In function unload_extension (extensions.c) last loop:
for (ext = extension_table, found = FALSE; ext; ext = ext->next) {
in the loop free(ext) is performed and then ext is accessed again in
the loop control statement. Fix:
- either test for “!found && ext” in loop control or
- break the loop if the free statement has executed.
Note that there is also a risk that the loop continues (with current
code), even if found becomes true, as ext->next is not changed.
Jan,
Thanks for catching that -- I'll just have it break the loop when found.
But given that the ext->next pointer is near the end of the structure,
it apparently remains unmodified by the free() bookkeeping, and the
for loop just harmlessly continues with the ext->next setting since
it was not changed. At least, in my testing it works regardless whether
the removed entry is at the beginning, middle, or at the end of the list.
Queued for crash-6.1.2.
Thanks again,
Dave