Opened 10 years ago
Closed 10 years ago
#11069 closed bug (no change required)
[package_daemon] Investigate use-after-frees detected by Coverity
| Reported by: | waddlesplash | Owned by: | bonefish |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Servers/package_daemon | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
Specifically the four tagged as 1108467, these look somewhat related to various open tickets here.
I'm guessing that most of the RemoveItem() calls should be RemoveItem(..., false) calls in order to fix these bugs, but I'm not positive so I'll leave this here for Ingo to investigate.
Change History (2)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Resolution: | → no change required |
|---|---|
| Status: | new → closed |
I looked over the report and Coverity is technically right in that a pointer to a freed object is passed as an argument. However the use is not problematic, as the only action happening is that the BObjectList or rather its base class _PointerList_ removes the pointer from the list (the list isn't owning so it also doesn't delete twice). There is no actual interaction with the pointed to (and freed) object. I closed the CID as "intentional" with this reasoning as a comment and will close this ticket as "no change required".
I probably won't have any time for the next five weeks. So anyone who wants to investigate, feel free...