62605 – sd_journal_close accesses j->files after free.

Bug 62605 - sd_journal_close accesses j->files after free.

Summary: sd_journal_close accesses j->files after free.

Status:	VERIFIED FIXED

Alias:	None

Product:	systemd
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	systemd-bugs
QA Contact:	systemd-bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-03-21 19:02 UTC by Marius Vollmer
Modified:	2013-04-15 11:33 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Marius Vollmer 2013-03-21 19:02:38 UTC

The function sd_journal_close first frees j->files and then indirectly calls detach_location which access j->files.

When allocating hashmaps from the pool, this likely goes undetected by valgrind and likely doesn't cause any crashes either.  This does crash when the hashmap is allocated with malloc, though.

Comment 1 Lennart Poettering 2013-03-23 03:12:06 UTC

Thanks! Fixed in git!

Comment 2 Marius Vollmer 2013-04-15 11:33:40 UTC

Thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.