  1. Traffic Server
  2. TS-3962

CID 1325824: (USE_AFTER_FREE) in malloc_bulkfree()


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.0.1, 6.1.0
    • Core
    • None

    Description

      ** CID 1325824:    (USE_AFTER_FREE)
      /lib/ts/ink_queue.cc: 390 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      /lib/ts/ink_queue.cc: 394 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      /lib/ts/ink_queue.cc: 394 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      /lib/ts/ink_queue.cc: 390 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      
      
      ________________________________________________________________________________________________________
      *** CID 1325824:    (USE_AFTER_FREE)
      /lib/ts/ink_queue.cc: 390 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      384       void *item = head;
      385     
      386       // Avoid compiler warnings
      387       (void)tail;
      388     
      389       if (f->alignment) {
         CID 1325824:    (USE_AFTER_FREE)
         Using freed pointer "item".
      390         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      391           ats_memalign_free(item);
      392         }
      393       } else {
      394         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      395           ats_free(item);
      /lib/ts/ink_queue.cc: 394 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      388     
      389       if (f->alignment) {
      390         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      391           ats_memalign_free(item);
      392         }
      393       } else {
         CID 1325824:    (USE_AFTER_FREE)
         Using freed pointer "item".
      394         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      395           ats_free(item);
      396         }
      397       }
      398     }
      399     
      /lib/ts/ink_queue.cc: 394 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      388     
      389       if (f->alignment) {
      390         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      391           ats_memalign_free(item);
      392         }
      393       } else {
         CID 1325824:    (USE_AFTER_FREE)
         Using freed pointer "item".
      394         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      395           ats_free(item);
      396         }
      397       }
      398     }
      399     
      /lib/ts/ink_queue.cc: 390 in malloc_bulkfree(_InkFreeList *, void *, void *, unsigned long)()
      384       void *item = head;
      385     
      386       // Avoid compiler warnings
      387       (void)tail;
      388     
      389       if (f->alignment) {
         CID 1325824:    (USE_AFTER_FREE)
         Using freed pointer "item".
      390         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      391           ats_memalign_free(item);
      392         }
      393       } else {
      394         for (size_t i = 0; i < num_item && item; ++i, item = *(void **)item) {
      395           ats_free(item);
      
      

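      It seems we should not use `item` in the loop's increment expression after we have already freed it: `item = *(void **)item` runs after `ats_memalign_free(item)` / `ats_free(item)`, so the next pointer is read from memory that was just released. Reading the next pointer into a local before the free call would avoid this.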


          People

            psudaemon Phil Sorber
            zwoop Leif Hedstrom
