Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Re: [milter-greylist] double free or corruption

2007-01-26 by manu@netbsd.org

Nerijus Baliunas <nerijus@...> wrote:

> (gdb) bt
> #0  0x00b8a7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #1  0x00bca7a5 in raise () from /lib/tls/libc.so.6
> #2  0x00bcc209 in abort () from /lib/tls/libc.so.6
> #3  0x00bfe71a in __libc_message () from /lib/tls/libc.so.6
> #4  0x00c04fbf in _int_free () from /lib/tls/libc.so.6
> #5  0x00c0533a in free () from /lib/tls/libc.so.6
> #6  0x0804a829 in mlfi_close (ctx=0x99f3430) at milter-greylist.c:1036
> #7  0x0805e788 in mi_engine ()
> #8  0x0805ccd6 in mi_handle_session ()
> #9  0x0805c394 in mi_thread_handle_wrapper ()
> #10 0x00d00371 in start_thread () from /lib/tls/libpthread.so.0
> #11 0x00c6affe in clone () from /lib/tls/libc.so.6
> 
> Anything else I should check? I didn't exit from gdb yet.

frame 6
You should see you crashed on:
                free(priv->priv_buf);

You are using content filtering (body or header clause), right?

Then apply this patch and tell me that it does not happen anymore.

Index: milter-greylist.c
===================================================================
RCS file: /milter-greylist/milter-greylist/milter-greylist.c,v
retrieving revision 1.156
diff -U4 -r1.156 milter-greylist.c
--- milter-greylist.c   18 Jan 2007 15:04:28 -0000      1.156
+++ milter-greylist.c   26 Jan 2007 20:27:12 -0000
@@ -727,8 +727,9 @@
        /* Gather data saved from a previous call */
        if (priv->priv_buf) {
                memcpy(b->b_lines, priv->priv_buf, priv->priv_buflen);
                free(priv->priv_buf);
+               priv->priv_buf = NULL;
        }
        memcpy(b->b_lines + priv->priv_buflen, chunk, i + 1);
        b->b_lines[linelen] = '\0';
        priv->priv_buflen = 0;
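Review bot: adding `priv->priv_buf = NULL;` right after `free(priv->priv_buf);` is the correct fix for the crash in frame 6, where `mlfi_close()` frees the same pointer a second time, but the same free-then-NULL discipline should be applied at every other place that releases `priv_buf`, including the `free()` in `mlfi_close()` itself, so that a dangling pointer can never survive to the next call. Note also that `priv->priv_buflen` is only reset after the second `memcpy`; if any path between the `free()` and that reset can return early, the buffer is gone while the length still claims saved data, so it is worth confirming that no such path exists.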


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
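The defect and the fix described above, as an added C example that is not part of the original message or of milter-greylist: the `struct priv`, the `gather()` and `session_close()` functions and the sample partial line are constructed stand-ins for the code the backtrace and the patch refer to. A small "freed pointer" ledger replaces glibc's abort so that the unpatched path can be run and observed instead of crashing, and `fixed` selects the one added line of the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the per-connection private data the patch
 * touches (hypothetical, not the project's real struct). */
struct priv {
    char  *priv_buf;     /* partial body line saved from a previous chunk */
    size_t priv_buflen;  /* number of bytes saved in priv_buf */
};

/* Ledger of released blocks so the buggy path can be exercised without
 * undefined behaviour. A real second free() of the same block is exactly
 * what glibc reports as "double free or corruption" and aborts on. */
#define LEDGER 16
static void *freed[LEDGER];
static int   nfreed;

/* Releases p once; returns 1 if p had already been released (double free). */
static int tracked_free(void *p)
{
    if (p == NULL)
        return 0;                      /* free(NULL) is always a no-op */
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p)
            return 1;                  /* would have been the crash */
    if (nfreed < LEDGER)
        freed[nfreed++] = p;
    free(p);
    return 0;
}

/* Line assembly as in the patched hunk: copy the saved partial line into
 * the output buffer, release it, then append the new chunk. Returns the
 * number of double frees detected, or -1 if the line would not fit. */
static int gather(struct priv *priv, char *out, size_t outsz,
                  const char *chunk, int fixed)
{
    int dbl = 0;
    size_t need = priv->priv_buflen + strlen(chunk) + 1;
    if (need > outsz)
        return -1;
    if (priv->priv_buf) {
        memcpy(out, priv->priv_buf, priv->priv_buflen);
        dbl += tracked_free(priv->priv_buf);
        if (fixed)
            priv->priv_buf = NULL;     /* the one line the patch adds */
    }
    memcpy(out + priv->priv_buflen, chunk, strlen(chunk) + 1);
    priv->priv_buflen = 0;
    return dbl;
}

/* End-of-connection cleanup, mirroring the free() in mlfi_close(). */
static int session_close(struct priv *priv)
{
    int dbl = tracked_free(priv->priv_buf);
    priv->priv_buf = NULL;
    return dbl;
}

char last_line[64];   /* the assembled line of the most recent session */

/* Runs one connection: a partial line is saved, the next chunk completes
 * it, then the connection closes. Returns double-free attempts detected. */
int run_session(int fixed)
{
    static const char saved[] = "Subject: hel";  /* constructed sample */
    struct priv priv;
    int dbl;

    nfreed = 0;
    priv.priv_buflen = strlen(saved);
    priv.priv_buf = malloc(priv.priv_buflen);
    if (priv.priv_buf == NULL)
        return -1;
    memcpy(priv.priv_buf, saved, priv.priv_buflen);

    dbl = gather(&priv, last_line, sizeof last_line, "lo\n", fixed);
    if (dbl < 0)
        return -1;
    dbl += session_close(&priv);
    return dbl;
}

int main(void)
{
    printf("unpatched: %d double free(s)\n", run_session(0)); /* 1 */
    printf("patched:   %d double free(s)\n", run_session(1)); /* 0 */
    return 0;
}
```

Without the patch, `gather()` releases `priv_buf` but leaves the pointer in place, so `session_close()` hands the same block to `free()` again, which is the abort seen in frame 6 of the backtrace; with the pointer set to NULL the second `free()` becomes a harmless no-op.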
