www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: [libssh2] #268: [PATCH]Field accessed after dealloc causing error on Windows

[libssh2] #268: [PATCH]Field accessed after dealloc causing error on Windows

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Mon, 12 Aug 2013 12:25:10 -0000

#268: [PATCH]Field accessed after dealloc causing error on Windows
 Reporter: Jens | Owner:
     Type: defect | Status: new
 Priority: normal | Milestone: 1.4.3
Component: API | Version: 1.4.2
 Keywords: Dump Free _RtlpBreakPointHeap | Blocked By:
   Blocks: |
 On Windows:
 Freeing a forward channel is causing an error.
 Unfortunately the error does not occure at the position where it is
 caused. It occurs on a new allocation or sometimes freeing of objects it
 is pretty random.
 The last point in the call stack is usaly this:

 Reason for the defect:
 As already pointed out by Gregory Moltchadski in Ticket Number 257(
 however he made just a small remark to this error, which must be forgotten
 to solve) a field is accessed after a structure was deallocated.

 In channel.c:
 In function int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER

     LIBSSH2_FREE(session, listener);

     listener->chanFwdCncl_state = libssh2_NB_state_idle;

     return 0;
 The field chanFwdCncl_state is set but listener was released before.
 To set this field is pretty much senseless, since the object is
 deallocated anyway, however I would just swap the Free Statement and the

     listener->chanFwdCncl_state = libssh2_NB_state_idle;

     LIBSSH2_FREE(session, listener);

     return 0;

Ticket URL: <https://trac.libssh2.org/ticket/268>
libssh2 <https://trac.libssh2.org/>
C library for writing portable SSH2 clients
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2013-08-12

the libssh2 team