[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: Patch for memory leak in snmpd/parse.y
From:       "Matthew Dempsky" <matthew () dempsky ! org>
Date:       2008-02-23 23:20:03
Message-ID: d791b8790802231520j4e21d827h267e2ef9994e7358 () mail ! gmail ! com
[Download RAW message or body]

On 2/23/08, Claudio Jeker <cjeker@diehard.n-r-g.com> wrote:
> Please use
>         while ((h = TAILQ_FIRST(&al)) != NULL) {
>                 TAILQ_REMOVE(&al, h, entry);
>                 free(h);
>         }
>  to free the list. Your solution scares me to death -- it may be fine in
>  this case but it will return a corrupt TAILQ head node and if al would be
>  reused it would cause a use-after-free.
>  Don't put bad examples into the tree because somebody may copy it.

Sorry, you're right.  I've not used the queue(3) functions much, and
the patch I submitted is derived from the "Faster TailQ Deletion."
code sample I found in OS X's queue(3) man pages, but I missed the
final TAILQ_INIT call.  (Of course, I should have checked OpenBSD's.)

[prev in list] [next in list] [prev in thread] [next in thread]