Opened 15 years ago
Closed 15 years ago
#304 closed defect (fixed)
Double free caused by delete of directory from DirCnr followed by rescan/clear of container.
| Reported by: | Gregg Young | Owned by: | Gregg Young |
|---|---|---|---|
| Priority: | minor | Milestone: | Release_3.15 |
| Component: | fm/2 base | Version: | 3.14 |
| Keywords: | Cc: |
Description
It is caused by deleting something from a directory container and then later clearing the container. What appears to happen is that pszFileName gets freed but since pszDisplayName pointed into pszFileName it wasn't freed (as it was designed). The problem is that when the container is cleared since pszDisplayName which no longer points into the freed pszFileName gets free (unfortunately for the second time). I now check for pszDisplayname after pszFileName has been freed and if it exists and isn't Nullstr I set it to NULL.
One additional note. This triggers the dbgmsg that states pszFileName is already NULL. Another interesting finding is it only happens if a subdirectory is deleted. I have just set pszDisplayName NULL if pszFileName is already NULL (I moved it above the pszDisplayName free code). The real fix is not to cycle it through again. We need to look at how deleting a directory is done differently from a file.
Change History (2)
comment:1 Changed 15 years ago by
| Status: | new → assigned |
|---|
comment:2 Changed 15 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
CS 1318