From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <2D698F12-5C4C-4F49-A976-46592D9592CE@fb.com>
References: <2D698F12-5C4C-4F49-A976-46592D9592CE@fb.com>
Date: Mon, 9 Jun 2014 09:18:47 +0100
Message-ID:
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [9fans] kernel possible double free
Topicbox-Message-UUID: f8af277c-ead8-11e9-9d60-3106f5b1d025

On 9 June 2014 08:40, Yoann Padioleau <pad@fb.com> wrote:

> I think I've found a possible situation where we call two times free on
> the same pointer.
> in sysexec() there is essentially

the only correct way to write these is not to rely on nil values or not, but
immediately after the allocation, include a waserror, and then poperror at the
appropriate point when done with the value.
unless values have exactly the same life time, they should not be freed in
the same waserror block.
exec has been one of the trickier cases historically.
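
The idiom described in the reply above, as an added example that is not part of the original message or the Plan 9 kernel source: a user-space model in which each allocation gets its own waserror block and is freed exactly once on every path. It assumes setjmp/longjmp as a stand-in for the kernel's label save and restore, and `track_alloc`, `track_free`, `exec_model` and `run` are hypothetical names.

```c
#include <setjmp.h>
#include <stdlib.h>

/* User-space model of the kernel error-label stack. Assumption: setjmp/longjmp
   stand in for the kernel's label save/restore; all names here are hypothetical. */
enum { NERR = 8 };
static jmp_buf errlab[NERR];
static int nerrlab;
static int live, nfree;                 /* live blocks, total frees */

#define waserror() setjmp(errlab[nerrlab++])   /* push a label; nonzero on error */
#define poperror() ((void)nerrlab--)           /* value no longer needs cover */
static void nexterror(void) { longjmp(errlab[--nerrlab], 1); }
static void error(void) { nexterror(); }       /* raise: jump to innermost label */

static void *track_alloc(size_t n) { live++; return malloc(n); }
static void track_free(void *p) { live--; nfree++; free(p); }

/* Stand-in for an exec-like routine: two buffers with different lifetimes,
   each covered by its own waserror block. fail_at picks where an error hits. */
static void exec_model(int fail_at)
{
    char *file, *args;

    file = track_alloc(32);
    if (waserror()) { track_free(file); nexterror(); }   /* covers file only */
    if (fail_at == 1) error();

    args = track_alloc(64);
    if (waserror()) { track_free(args); nexterror(); }   /* covers args only */
    if (fail_at == 2) error();
    poperror();                 /* done with args: drop its label, then free */
    track_free(args);

    if (fail_at == 3) error();  /* args is gone; only file's handler runs */
    poperror();
    track_free(file);
}

/* Calls exec_model under an outer label, as a syscall dispatcher would.
   Returns the number of frees, or -1 on a leak, double free or stray label. */
static int run(int fail_at)
{
    live = nfree = nerrlab = 0;
    if (!waserror()) { exec_model(fail_at); poperror(); }
    return (live == 0 && nerrlab == 0) ? nfree : -1;
}

int main(void) { return run(0) == 2 && run(1) == 1 && run(2) == 2 && run(3) == 2 ? 0 : 1; }
```

An error raised after `args` has been freed (`fail_at == 3`) reaches only the handler for `file`, because the label covering `args` was popped before the free.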