[BusyBox] httpd segfault

Vladimir N. Oleynik dzo at simtreas.ru
Mon Dec 15 08:29:59 UTC 2003


Pete,

>   I'm running into a segfault with httpd.  I tracked this down to the 
> config->referer handling.
> 
>   Specifically, if a request comes in that has a referrer in it, then 
> config->referer is strdup'd to create a new string representing that 
> value, in handleIncoming.  Later when handleIncoming is done, this 
> buffer is freed, but the config->referer pointer is NOT zero'd.
> 
>   If another request comes in after that, without a referer line, then 
> the old config->referer pointer is free'd again, probably causing a 
> segfault (at least it does on my system).
> 
>   The solution is to simply zero the config->referer pointer at the 
> bottom of the handleIncoming function.
> 
> Pete Flugstad
> 
> PS: caught this with ElectricFence - all hail Electric Fence!!!

It's an ElectricFence problem.
It's not a double free. It's free(NULL), a modern-style trick that is
possible for size and speed optimization.


--w
vodz
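
The two behaviours discussed in this thread, shown side by side as an added example that is not part of the original post and is not BusyBox code: a pointer left stale after free() versus one reset to NULL, so that the next free() is free(NULL). The struct, function names and Referer value are constructed for illustration, and the wrapper counts a stale free rather than performing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for httpd's config; only the field under discussion. */
struct config { char *referer; };

static const void *live;   /* the allocation currently outstanding, if any */
static int stale_frees;    /* frees of a non-NULL pointer that is no longer live */

static char *tracked_dup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    live = p;
    return p;
}

/* Wrapper around free(): a stale pointer is counted, not passed to free(),
 * because a real second free() of it is undefined behaviour. */
static void tracked_free(void *p) {
    if (p == NULL) return;                     /* free(NULL) is a defined no-op */
    if (p != live) { stale_frees++; return; }  /* this would be the double free */
    live = NULL;
    free(p);
}

/* Constructed handler following the report: dup on Referer, free on exit. */
static void handle_incoming(struct config *c, const char *referer_hdr, int reset) {
    if (referer_hdr) c->referer = tracked_dup(referer_hdr);
    /* ... the request would be served here ... */
    tracked_free(c->referer);
    if (reset) c->referer = NULL;              /* the fix proposed in the report */
}

/* Request with a Referer, then one without; returns the stale-free count. */
static int run_two_requests(int reset) {
    struct config c = { NULL };
    stale_frees = 0;
    handle_incoming(&c, "http://example.test/", reset);  /* constructed value */
    handle_incoming(&c, NULL, reset);
    return stale_frees;
}

int main(void) {
    printf("stale: %d, reset: %d\n", run_two_requests(0), run_two_requests(1));
    return 0;
}
```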



