Opened 5 years ago

Closed 5 years ago

#11069 closed bug (no change required)

[package_daemon] Investigate use-after-frees detected by Coverity

Reported by: waddlesplash Owned by: bonefish
Priority: normal Milestone: R1
Component: Servers/package_daemon Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Has a Patch: no Platform: All


Specifically the four tagged as 1108467, these look somewhat related to various open tickets here.

I'm guessing that most of the RemoveItem() calls should be RemoveItem(..., false) calls in order to fix these bugs, but I'm not positive so I'll leave this here for Ingo to investigate.

Change History (2)

comment:1 Changed 5 years ago by bonefish

I probably won't have any time for the next five weeks. So anyone who wants to investigate, feel free...

comment:2 Changed 5 years ago by mmlr

Resolution: no change required
Status: newclosed

I looked over the report and Coverity is technically right in that a pointer to a freed object is passed as an argument. However the use is not problematic, as the only action happening is that the BObjectList or rather its base class _PointerList_ removes the pointer from the list (the list isn't owning so it also doesn't delete twice). There is no actual interaction with the pointed to (and freed) object. I closed the CID as "intentional" with this reasoning as a comment and will close this ticket as "no change required".

Note: See TracTickets for help on using tickets.