* [PATCH BlueZ] shared/queue: Fix invalid read
@ 2014-06-27 10:47 Luiz Augusto von Dentz
2014-06-27 10:52 ` Stefan Seyfried
0 siblings, 1 reply; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2014-06-27 10:47 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
If the queue elements are destroyed by queue_destroy the head will point
to freed memory causing the following error when unit/test-queue is run:
Invalid read of size 8
at 0x401040: queue_foreach (queue.c:194)
by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x40083E: main (test-queue.c:109)
Address 0x7f65738 is 8 bytes inside a block of size 16 free'd
at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x400E29: queue_destroy (queue.c:93)
by 0x40102C: queue_foreach (queue.c:219)
by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x40083E: main (test-queue.c:109)
---
src/shared/queue.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/shared/queue.c b/src/shared/queue.c
index 4013293..3bdc1ec 100644
--- a/src/shared/queue.c
+++ b/src/shared/queue.c
@@ -75,23 +75,10 @@ struct queue *queue_new(void)
void queue_destroy(struct queue *queue, queue_destroy_func_t destroy)
{
- struct queue_entry *entry;
-
if (!queue)
return;
- entry = queue->head;
-
- while (entry) {
- struct queue_entry *tmp = entry;
-
- if (destroy)
- destroy(entry->data);
-
- entry = entry->next;
-
- free(tmp);
- }
+ queue_remove_all(queue, NULL, NULL, destroy);
queue_unref(queue);
}
--
1.9.3
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH BlueZ] shared/queue: Fix invalid read
2014-06-27 10:47 [PATCH BlueZ] shared/queue: Fix invalid read Luiz Augusto von Dentz
@ 2014-06-27 10:52 ` Stefan Seyfried
2014-06-27 11:08 ` Luiz Augusto von Dentz
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Seyfried @ 2014-06-27 10:52 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hi Luiz,
This also fixes my unit/test-queue failure.
Thanks!
Stefan
Am 27.06.2014 12:47, schrieb Luiz Augusto von Dentz:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> If the queue elements are destroyed by queue_destroy the head will point
> to freed memory causing the following error when unit/test-queue is run:
[...]
--
Stefan Seyfried
Linux Consultant & Developer -- GPG Key: 0x731B665B
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH BlueZ] shared/queue: Fix invalid read
2014-06-27 10:52 ` Stefan Seyfried
@ 2014-06-27 11:08 ` Luiz Augusto von Dentz
0 siblings, 0 replies; 3+ messages in thread
From: Luiz Augusto von Dentz @ 2014-06-27 11:08 UTC (permalink / raw)
To: Stefan Seyfried; +Cc: linux-bluetooth@vger.kernel.org
Hi,
On Fri, Jun 27, 2014 at 1:52 PM, Stefan Seyfried
<stefan.seyfried@googlemail.com> wrote:
> Hi Luiz,
>
> This also fixes my unit/test-queue failure.
>
> Thanks!
>
> Stefan
>
> Am 27.06.2014 12:47, schrieb Luiz Augusto von Dentz:
>> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>>
>> If the queue elements are destroyed by queue_destroy the head will point
>> to freed memory causing the following error when unit/test-queue is run:
Pushed.
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-06-27 11:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-27 10:47 [PATCH BlueZ] shared/queue: Fix invalid read Luiz Augusto von Dentz
2014-06-27 10:52 ` Stefan Seyfried
2014-06-27 11:08 ` Luiz Augusto von Dentz
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.