[tarantool-patches] [PATCH v2 2/5] swim: fix a 'use after free' in SWIM tests

Sat Jun 8 13:31:18 MSK 2019

It is a miracle, but somehow it worked until I changed a couple
of places. Here objects stored in an rlist are freed, but not
deleted from the list. The list is reused after that.
---
 test/unit/swim_test_transport.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/unit/swim_test_transport.c b/test/unit/swim_test_transport.c
index c4a1dd774..334ac926e 100644
--- a/test/unit/swim_test_transport.c
+++ b/test/unit/swim_test_transport.c
@@ -85,6 +85,7 @@ swim_test_packet_new(const char *data, int size, const struct sockaddr_in *src,
 static inline void
 swim_test_packet_delete(struct swim_test_packet *p)
 {
+	rlist_del_entry(p, in_queue);
 	free(p);
 }
 
-- 
2.20.1 (Apple Git-117)



