Closed (moved) double connection_free() in dns_resolve()
  • Closed (moved) Issue created by Roger Dingledine

    If dns_resolve()'s call to dns_resolve_impl() returns -1, it ends up running

          dns_cancel_pending_resolve(exitconn->_base.address);
    
          if (!exitconn->_base.marked_for_close) {
            connection_free(TO_CONN(exitconn));

    But dns_cancel_pending_resolve() runs

      while (resolve->pending_connections) {
    ...
        if (!pendconn->_base.marked_for_close)
          connection_free(TO_CONN(pendconn));

    So we would end up calling connection_free() on it twice. But we don't in practice, since the first connection_free() scribbles 0xCC on it, which sets marked_for_close to true, so we don't free it the second time! Cue Nick's circus music.

    Our friendly irc person says "fix not so easy btw, connection_free() still need to call if no it was attached to pending resolve list."
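
The error path described in this issue, as an added model that is not Tor source code: it counts how often one connection is freed with and without the 0xCC poisoning, and with the connection attached or not attached to the pending list. The names `conn_t`, `conn_free`, `cancel_pending`, `resolve_failed` and `count_frees` are constructed, and having the cancel routine report whether it already handled the connection is an assumed way to resolve it, not the fix Tor adopted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Tor's connection_t; not Tor source. */
typedef struct conn { uint16_t marked_for_close; struct conn *next_pending; } conn_t;
static conn_t slot;            /* static storage: reading it after "free" stays defined here;
                                  on the real heap the same read is a use-after-free */
static int free_calls, poison; /* free count; poison=1 means free scribbles 0xCC */

/* Models connection_free(): count the call, optionally poison the memory. */
static void conn_free(conn_t *c) {
  free_calls++;
  if (poison) memset(c, 0xCC, sizeof(*c));
}

/* Models dns_cancel_pending_resolve(): frees every pending connection.
 * Hypothetical addition: returns 1 if `self` was on the list and handled here. */
static int cancel_pending(conn_t **pending, conn_t *self) {
  int handled = 0;
  while (*pending) {
    conn_t *p = *pending;
    *pending = p->next_pending;  /* unlink before the memory is poisoned */
    if (p == self) handled = 1;
    if (!p->marked_for_close) conn_free(p);
  }
  return handled;
}

/* Error path of dns_resolve(). fixed=0 mirrors the report: the check reads freed memory.
 * fixed=1 trusts cancel_pending()'s answer instead of inspecting the freed object. */
static void resolve_failed(conn_t **pending, conn_t *exitconn, int fixed) {
  int handled = cancel_pending(pending, exitconn);
  if (fixed && handled) return;
  if (!exitconn->marked_for_close) conn_free(exitconn);
}

/* Returns how many times the single connection was freed in one run. */
int count_frees(int fixed, int with_poison, int attached) {
  conn_t *pending = attached ? &slot : NULL;
  memset(&slot, 0, sizeof(slot));
  free_calls = 0;
  poison = with_poison;
  resolve_failed(&pending, &slot, fixed);
  return free_calls;
}

int main(void) {
  printf("as reported: %d, without poison: %d, with return value: %d\n",
         count_frees(0, 1, 1), count_frees(0, 0, 1), count_frees(1, 0, 1));
}
```

The unattached case is the one the IRC remark points at: the caller must still free the connection there, so simply deleting the caller's `connection_free()` would leak it.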
