Summary: ASTERISK-00250: Pointer not checked before FREEing
Reporter: matt (matt)
Labels:
Date Opened: 2003-09-11 15:49:43
Date Closed: 2008-01-15 14:35:08.000-0600
Priority: Minor
Regression? No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:
In editline/el.c, approx. line 124, in function el_end(), we see the statement:

    el_free((ptr_t) el->el_prog);

But el->el_prog was never checked for NULL (even though el itself was). I suggest adding a check for this so that it looks like the following:

    if (el->el_prog)
        el_free((ptr_t) el->el_prog);

Though it may sound trivial, I did get a crash with a stack trace that suggested this may be what happened:

    (gdb) bt
    #0 0x400208fe in pthread_mutex_lock () from /lib/libpthread.so.0
    #1 0x4017426c in free () from /lib/libc.so.6
    #2 0x0808f5fc in el_end ()
    #3 0x08081352 in main ()
    #4 0x08081669 in main ()
    ASTERISK-1 0x401319c8 in sigaction () from /lib/libc.so.6
    ASTERISK-2 0x08091882 in el_push ()
    ASTERISK-3 0x08091922 in el_getc ()
    ASTERISK-4 0x08091791 in el_push ()
    ASTERISK-5 0x08091a51 in el_gets ()
    ASTERISK-6 0x08080642 in main ()
    ASTERISK-7 0x40120a51 in __libc_start_main () from /lib/libc.so.6

I have only seen this happen once and it is not easily reproducible.
Comments:

By: Mark Spencer (markster) 2003-09-26 21:26:22
Fixed in CVS

By: Digium Subversion (svnbot) 2008-01-15 14:35:08.000-0600
Repository: asterisk
Revision: 1564

U trunk/editline/el.c

------------------------------------------------------------------------
r1564 | markster | 2008-01-15 14:35:07 -0600 (Tue, 15 Jan 2008) | 2 lines

Check pointer (bug ASTERISK-250)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=1564
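
Added example, not code from the Asterisk or editline source: a teardown routine in the shape of the el_end() check discussed in this report. It tests the member before freeing it and also clears each pointer after freeing, so a repeated call on the same handle does nothing. The demo_el_t type and the demo_el_init() and demo_el_end() names are hypothetical; only the el_prog field name comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the editline handle; only el_prog is from the report. */
typedef struct {
    char *el_prog;              /* program name; may be NULL */
} demo_el_t;

/* Allocate a handle. prog may be NULL to model a partially initialised one. */
demo_el_t *demo_el_init(const char *prog)
{
    demo_el_t *el = calloc(1, sizeof(*el));
    if (el == NULL)
        return NULL;
    if (prog != NULL) {
        el->el_prog = malloc(strlen(prog) + 1);
        if (el->el_prog == NULL) {
            free(el);
            return NULL;
        }
        strcpy(el->el_prog, prog);
    }
    return el;
}

/* Tear down a handle and return how many blocks this call released.
 * Tolerates a NULL handle, a NULL member and being called twice. */
int demo_el_end(demo_el_t **elp)
{
    int freed = 0;
    if (elp == NULL || *elp == NULL)
        return 0;
    if ((*elp)->el_prog != NULL) {
        free((*elp)->el_prog);
        (*elp)->el_prog = NULL; /* a stale pointer would pass the check above */
        freed++;
    }
    free(*elp);
    *elp = NULL;                /* makes a second demo_el_end() a no-op */
    return freed + 1;
}

int main(void)
{
    demo_el_t *el = demo_el_init("asterisk");
    int first = demo_el_end(&el);
    int second = demo_el_end(&el);
    printf("first call freed %d, second call freed %d\n", first, second);
    return 0;
}
```

The NULL test only detects a pointer that was never set or was cleared after release, which is why the routine writes NULL back after every free.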