Hi,
Looking at line 1017 of store_dir_ufs.c I have found:
    /* buffered write */
    if (state->outbuf_offset + ss > CLEAN_BUF_SZ) {
        if (write(state->fd, state->outbuf, state->outbuf_offset) < 0) {
            debug(50, 0) ("storeDirWriteCleanLogs: %s: write: %s\n",
                state->new, xstrerror());
            debug(20, 0) ("storeDirWriteCleanLogs: Current swap logfile not replaced.\n");
            file_close(state->fd);
            state->fd = -1;
            unlink(state->new);
            safe_free(state);              <=== Free state
            sd->log.clean.state = NULL;
            sd->log.clean.write = NULL;
        }
        state->outbuf_offset = 0;          <=== Use state after safe_free
    }
When write returns an error, we reference an unallocated structure.
Regards
Guido
-
=======================================================
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: guido.serassio@serassio.it
WWW: http://www.serassio.it
Received on Sat Mar 23 2002 - 04:46:42 MST
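
An added example, not part of the original message and not Squid's code: a reduced buffered writer with the same flush-on-full shape, where the error path clears the owner's pointer, frees the state and returns before anything can touch it again. The struct names, clean_log_write(), demo_failed_flush() and the small CLEAN_BUF_SZ value are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CLEAN_BUF_SZ 16 /* constructed: small so the flush path is hit quickly */

/* Hypothetical stand-ins for the state and swap-dir structures in the post. */
struct clean_state { int fd; size_t outbuf_offset; char outbuf[CLEAN_BUF_SZ]; };
struct swap_dir { struct clean_state *clean_state; };

/* Buffer one record; returns 0 on success, -1 once the log is abandoned. */
int clean_log_write(struct swap_dir *sd, const void *rec, size_t ss)
{
    struct clean_state *state = sd->clean_state;

    if (state == NULL || ss > CLEAN_BUF_SZ)
        return -1;                      /* already torn down, or oversized */
    if (state->outbuf_offset + ss > CLEAN_BUF_SZ) {
        ssize_t n = write(state->fd, state->outbuf, state->outbuf_offset);
        if (n < 0 || (size_t)n != state->outbuf_offset) {
            if (state->fd >= 0)
                close(state->fd);
            sd->clean_state = NULL;     /* no dangling pointer left in the owner */
            free(state);
            return -1;                  /* leave: state must not be used again */
        }
        state->outbuf_offset = 0;       /* reached only while state is live */
    }
    memcpy(state->outbuf + state->outbuf_offset, rec, ss);
    state->outbuf_offset += ss;
    return 0;
}

/* Constructed scenario: fd -1 makes write() fail (EBADF) on the first flush.
 * Returns 1 if the failure is reported and later calls are refused cleanly. */
int demo_failed_flush(void)
{
    struct swap_dir sd;
    char rec[10];

    memset(rec, 'x', sizeof rec);       /* constructed 10-byte record */
    sd.clean_state = calloc(1, sizeof *sd.clean_state);
    if (sd.clean_state == NULL)
        return 0;
    sd.clean_state->fd = -1;
    int first = clean_log_write(&sd, rec, sizeof rec);   /* fits in the buffer */
    int second = clean_log_write(&sd, rec, sizeof rec);  /* flush fails here */
    int third = clean_log_write(&sd, rec, sizeof rec);   /* state already gone */
    return first == 0 && second == -1 && third == -1 && sd.clean_state == NULL;
}
```

Building this with -fsanitize=address and moving the outbuf_offset reset outside the error branch, as in the excerpt above, makes the sanitizer report the write to freed memory on the second call.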