Bug 62605

Summary: sd_journal_close accesses j->files after free.
Product: systemd
Reporter: Marius Vollmer <marius.vollmer>
Component: general
Assignee: systemd-bugs
Status: VERIFIED FIXED
QA Contact: systemd-bugs
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   

Description Marius Vollmer 2013-03-21 19:02:38 UTC
The function sd_journal_close first frees j->files and then indirectly calls detach_location, which accesses j->files.

When allocating hashmaps from the pool, this likely goes undetected by valgrind and likely doesn't cause any crashes either.  This does crash when the hashmap is allocated with malloc, though.
Comment 1 Lennart Poettering 2013-03-23 03:12:06 UTC
Thanks! Fixed in git!
Comment 2 Marius Vollmer 2013-04-15 11:33:40 UTC
Thanks!
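
Added example, not systemd code and not part of the thread: a constructed C model of the ordering described in the report, showing why a pool allocator can hide the stale access and how poisoning released tiles exposes it. Every name except detach_location and j->files is hypothetical, and close_fixed is one possible safe ordering, not the actual fix.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model; every name except detach_location and j->files is hypothetical. */
enum { LIVE = 0x600D, POISON = 0xDEAD };
struct table   { int magic; int n_entries; };   /* stands in for the hashmap */
struct journal { struct table *files; };

/* Pool: tiles are only marked reusable, so a stale pointer still hits valid memory. */
static struct table tiles[4];
static int in_use[4];
static struct table *pool_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!in_use[i]) {
            in_use[i] = 1;
            tiles[i] = (struct table){ LIVE, 3 };
            return &tiles[i];
        }
    return NULL;
}

static void pool_free(struct table *t, int poison) {
    in_use[t - tiles] = 0;
    if (poison) t->magic = POISON;   /* hardening: stale use becomes detectable */
}

/* Returns 0 on success, -1 if it was handed a table that was already released. */
static int detach_location(struct journal *j) {
    if (!j->files) return 0;
    if (j->files->magic != LIVE) return -1;
    j->files->n_entries = 0;
    return 0;
}

/* Ordering from the report: release the table, then walk it. */
static int close_buggy(struct journal *j, int poison) {
    pool_free(j->files, poison);
    return detach_location(j);
}

/* One possible safe ordering (assumption): walk first, release, clear the pointer. */
static int close_fixed(struct journal *j, int poison) {
    int r = detach_location(j);
    pool_free(j->files, poison);
    j->files = NULL;
    return r;
}

int main(void) {
    struct journal a = { pool_alloc() }, b = { pool_alloc() }, c = { pool_alloc() };
    printf("%d %d %d\n", close_buggy(&a, 0), close_buggy(&b, 1), close_fixed(&c, 1));
}
```

Without poisoning, close_buggy returns 0 because the released tile still looks live, which is the silent case the report describes for pool-allocated hashmaps.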
