Date: Thu, 24 Jun 2010 10:48:13 -0400
From: "Green, Paul"
Subject: [PATCH] Minor bug in hdestroy function

The hdestroy function calls the free function on a generation of storage that it never allocated. It frees the pointer to the key. This can lead to unpredictable results. I can't find any evidence that the POSIX standard requires this step, and I can't find any evidence that the POSIX standard expects the hsearch function to make its own copy of the key or data items. So I believe the proper fix is to simply delete the free statement.

Here is the change. I generated the diff against revision 1.4, downloaded earlier today.

--- hcreate.c 2010-06-24 10:39:04.000000000 -0400 +++ hcreate.c.new 2010-06-24 10:39:18.000000000 -0400 
@@ -142,7 +142,6 @@ while (!SLIST_EMPTY(&htable[idx])) { ie =3D SLIST_FIRST(&htable[idx]); SLIST_REMOVE_HEAD(&htable[idx], link); - free(ie->ent.key); free(ie); } }

Thanks
PG

--
Paul Green, Senior Technical Consultant, Stratus Technologies. Voice: +1 978-461-7557; FAX: +1 978-461-3610; Mobile: +1 (978) 235-2451; AIM: PaulGreen
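
Review bot: dropping `free(ie->ent.key);` from the hdestroy loop changes who owns the key storage, and nothing in the patch records that. Callers that passed heap-allocated keys and relied on hdestroy to release them will now leak those keys without any warning, while callers that passed string literals or stack buffers stop hitting a free of memory the allocator never returned. Please pair this with a documentation update stating that keys (like data) remain caller-owned and must outlive the table, and add a short comment at the `free(ie);` line saying that only the list entry is released there, so the call is not reintroduced later.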