Hi, I'm realizing that a double freeing occurs in the regex module when it fails to start due to module params errors. But I'm sure it didn't occur in Kamailio 1.5. My question is the following:
static int *number;
number = shm_malloc(sizeof(int));
shm_free(number);
Should now number be NULL? I confirm that it's NOT, so I get a double freeing since the function free_shared_memory() is executed twice and I check "if (number)" before doing "shm_free(number)".
So is it a change in 3.X? Should I write:
shm_free(number);
number = NULL;
?
Thanks a lot.
Hello,
On 2/28/12 8:14 PM, Iñaki Baz Castillo wrote:
Hi, I'm realizing that a double freeing occurs in the regex module when it fails to start due to module params errors. But I'm sure it didn't occur in Kamailio 1.5. My question is the following:
static int *number;
number = shm_malloc(sizeof(int));
shm_free(number);
Should now number be NULL? I confirm that it's NOT, so I get a double freeing since the function free_shared_memory() is executed twice and I check "if (number)" before doing "shm_free(number)".
So is it a change in 3.X? Should I write:
shm_free(number);
number = NULL;
?
The pointer is not set to NULL; it never was, no matter the version and name, since ser was started. Not even with system malloc: free does not set it to null. One reason is that the pointer is given as a parameter by value, so the variable holding it cannot be changed. Well, in K, shm_free() is a macro (define) and can be coded to set it to null, but it is a risk if the parameter is an expression (e.g., computing the pointer from a start of a structure + offset).
To be able to set it to null safely in a function, the parameter must be a pointer to the pointer, like:
static int *number;
number = shm_malloc(sizeof(int));
my_shm_free(&number);
Cheers, Daniel
-- Daniel-Constantin Mierla -- http://www.asipto.com http://linkedin.com/in/miconda -- http://twitter.com/miconda
2012/2/28 Daniel-Constantin Mierla miconda@gmail.com:
The pointer is not set to NULL; it never was, no matter the version and name, since ser was started. Not even with system malloc: free does not set it to null. One reason is that the pointer is given as a parameter by value, so the variable holding it cannot be changed. Well, in K, shm_free() is a macro (define) and can be coded to set it to null, but it is a risk if the parameter is an expression (e.g., computing the pointer from a start of a structure + offset).
To be able to set it to null safely in a function, the parameter must be a pointer to the pointer, like:
static int *number;
number = shm_malloc(sizeof(int));
my_shm_free(&number);
Thanks a lot. Then there was a bug I will fix right now. Indeed setting it to NULL does fix the problem.
You pass the value of a pointer, not the address of a pointer and therefore it cannot be set to NULL. You need to check if the shm_malloc is successful and before calling shm_free, you should check the value of the pointer. Also, it is always good to set the pointer to NULL after a shm_free to avoid dangling pointers.
Regards, Ovidiu Sas
On Tue, Feb 28, 2012 at 2:14 PM, Iñaki Baz Castillo ibc@aliax.net wrote:
Hi, I'm realizing that a double freeing occurs in the regex module when it fails to start due to module params errors. But I'm sure it didn't occur in Kamailio 1.5. My question is the following:
static int *number;
number = shm_malloc(sizeof(int));
shm_free(number);
Should now number be NULL? I confirm that it's NOT, so I get a double freeing since the function free_shared_memory() is executed twice and I check "if (number)" before doing "shm_free(number)".
So is it a change in 3.X? Should I write:
shm_free(number);
number = NULL;
?
Thanks a lot.
-- Iñaki Baz Castillo ibc@aliax.net
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
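The following is an added example written for this thread; it is not code from the Kamailio/sr tree and not part of any message above. It illustrates both Daniel's point (a free routine that receives the pointer by value cannot null the caller's variable, so a pointer-to-pointer helper such as the hypothetical my_shm_free() is needed) and Ovidiu's advice (check the allocation result, guard before freeing, null after freeing). The shm_malloc_stub()/shm_free_stub() functions are constructed stand-ins that wrap malloc/free and count calls; they are an assumption for the demo, not the project's shared-memory allocator. The cleanup routine is run twice on purpose, as happens when a module's init fails and its destroy path runs as well, and the counter proves only one real free takes place.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for shm_malloc()/shm_free(). They are NOT the
 * Kamailio allocator; they wrap malloc/free and count calls so the
 * example can show how many real frees happened. */
static int shm_allocs = 0;
static int shm_frees = 0;

static void *shm_malloc_stub(size_t size)
{
    void *p = malloc(size);
    if (p != NULL)
        shm_allocs++;
    return p;
}

static void shm_free_stub(void *p)
{
    /* Like free(), this receives the pointer by value: it cannot modify
     * the caller's variable, which is why "number" stays non-NULL. */
    free(p);
    shm_frees++;
}

/* Hypothetical helper (not Kamailio API): takes the ADDRESS of the
 * pointer so it can release the block and null the caller's variable.
 * A NULL pointer is a no-op, which makes repeated calls harmless. */
static void my_shm_free(int **pp)
{
    if (pp == NULL || *pp == NULL)
        return;
    shm_free_stub(*pp);
    *pp = NULL;
}

/* Module-style global, as in the question. */
static int *number = NULL;

/* Allocate and check the result. Returns 0 on success, -1 on failure. */
static int init_shared_memory(void)
{
    number = shm_malloc_stub(sizeof(int));
    if (number == NULL)
        return -1;
    *number = 0;
    return 0;
}

/* Cleanup that may run more than once (failed init path, then destroy).
 * Because my_shm_free() nulls the variable, the "if (number)" guard
 * genuinely protects the second call. Returns 1 if a block was freed. */
static int free_shared_memory(void)
{
    if (number) {
        my_shm_free(&number);
        return 1;
    }
    return 0;
}

/* Drives the scenario from the thread: one allocation, cleanup run twice.
 * Returns the number of real frees performed (expected: exactly 1),
 * or -1 if the allocation failed. */
int cleanup_twice_free_count(void)
{
    shm_allocs = 0;
    shm_frees = 0;
    if (init_shared_memory() != 0)
        return -1;
    free_shared_memory();
    free_shared_memory(); /* second pass: number is NULL, nothing freed */
    return shm_frees;
}

/* Reports whether the global was nulled by the cleanup. */
int number_is_null(void)
{
    return number == NULL;
}

int main(void)
{
    int frees = cleanup_twice_free_count();
    printf("allocations: %d, real frees after two cleanups: %d, number is %s\n",
           shm_allocs, frees, number_is_null() ? "NULL" : "dangling");
    return frees == 1 ? 0 : 1;
}
```

With a by-value free (shm_free_stub alone) and the same "if (number)" guard, the second cleanup pass would see the stale pointer and free it again, which is the coredump described later in the thread; the pointer-to-pointer helper, or simply assigning number = NULL right after shm_free(number), removes that path.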
2012/2/28 Ovidiu Sas osas@voipembedded.com:
You pass the value of a pointer, not the address of a pointer and therefore it cannot be set to NULL. You need to check if the shm_malloc is successful and before calling shm_free, you should check the value of the pointer. Also, it is always good to set the pointer to NULL after a shm_free to avoid dangling pointers.
Understood. That is exactly how it is now (will commit it right now).
Thanks a lot.
Hello,
2012/2/28 Iñaki Baz Castillo ibc@aliax.net: [snip]
Understood. That is exactly how it is now (will commit it right now).
Is this fix relevant for the 3.2 branch too? Please merge the commit if it is.
Thanks
2012/2/29 Victor Seva linuxmaniac@torreviejawireless.org:
2012/2/28 Iñaki Baz Castillo ibc@aliax.net: [snip]
Understood. That is exactly how it is now (will commit it right now).
Is this fix relevant for the 3.2 branch too? Please merge the commit if it is.
The commit fixes a specific bug:
In case the regex module is provided with an invalid / non-existing pcres file ("file" parameter), a double freeing will occur when starting kamailio (the daemon would fail anyway due to the bad config, but without the fix it creates a coredump).
I will add it to the 3.2 branch.
Thanks.
2012/2/29 Iñaki Baz Castillo ibc@aliax.net:
I will add it to the 3.2 branch.
Done.