
crypto: fix another over-run in bio

When doing `FreeEmpty`, `NodeBIO` skips pre-allocated `head_` buffer.
However this might lead to double-freeing buffers since in `~NodeBIO()`
we're starting deallocation from `head_` buffer.
v0.11.5-release
Fedor Indutny 12 years ago
parent
commit
e5791f74f0
  1. 9
      src/node_crypto_bio.cc

9
src/node_crypto_bio.cc

@ -232,9 +232,12 @@ void NodeBIO::FreeEmpty() {
if (cur == write_head_ || cur == read_head_) if (cur == write_head_ || cur == read_head_)
return; return;
Buffer* prev = child;
while (cur != read_head_) { while (cur != read_head_) {
// Skip embedded buffer // Skip embedded buffer, and continue deallocating again starting from it
if (cur == &head_) { if (cur == &head_) {
prev->next_ = cur;
prev = cur;
cur = head_.next_; cur = head_.next_;
continue; continue;
} }
@ -242,11 +245,11 @@ void NodeBIO::FreeEmpty() {
assert(cur->write_pos_ == cur->read_pos_); assert(cur->write_pos_ == cur->read_pos_);
Buffer* next = cur->next_; Buffer* next = cur->next_;
child->next_ = next;
delete cur; delete cur;
cur = next; cur = next;
} }
assert(prev == child || prev == &head_);
prev->next_ = cur;
} }
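Review bot: The final relink in `FreeEmpty()` (`prev->next_ = cur;` after the loop) carries the fix but has no comment explaining why, and the reworded loop comment only describes what the skip does. Going by the commit message, `head_` is the pre-allocated buffer that `~NodeBIO()` starts freeing from, so it must stay linked and never reach `delete cur`; I would add above the relink something like `// Re-link the last kept buffer (child or embedded head_) to read_head_ so ~NodeBIO() frees each heap buffer exactly once`. The invariant is guarded only by `assert(prev == child || prev == &head_)`, which disappears if this file is built with NDEBUG, so it is worth confirming how release builds treat it, since a violated invariant here means a double free. The page lists only `src/node_crypto_bio.cc` as changed, so no regression test appears to accompany this memory-safety fix. The start of `FreeEmpty()` lies outside the visible hunks.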
