server_port_flush looks strange
Coverity (cid 424) complains about us using a freed variable inside the while loop. Technically we're not doing anything dangerous, because we explicitly set that variable to null, but while looking at the loop, it seems that it can never be executed more than once, because port->pending_replies is never updated. It appears to me that a patch like this should fix the problem:
diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 83bff67..70cf28c 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -1303,6 +1303,12 @@ server_port_flush(struct evdns_server_port *port) return; log(EVDNS_LOG_WARN, "Error %s (%d) while writing response to port; dropping", tor_socket_strerror(err), err); }
-
if (req->next_pending && req->next_pending != req) {
-
port->pending_replies = req->next_pending;
-
} else {
-
port->pending_replies = NULL;
-
}
-
if (server_request_free(req)) { /* we released the last reference to req->port. */ return;
But maybe I'm missing some subtleties here?
[Automatically added by flyspray2trac: Operating System: All]