daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: fix another over-run in bio 

When doing `FreeEmpty`, `NodeBIO` skips pre-allocated `head_` buffer.
However this might lead to double-freeing buffers since in `~NodeBIO()`
we're starting deallocation from `head_` buffer.
pull/5010/head
Fedor Indutny 2013-08-03 13:09:02 +04:00
parent 350fc8064e
commit e5791f74f0
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/node_crypto_bio.cc
View File

@ -232,9 +232,12 @@ void NodeBIO::FreeEmpty() {
if (cur == write_head_ || cur == read_head_) if (cur == write_head_ || cur == read_head_)
return; return;
Buffer* prev = child;
while (cur != read_head_) { while (cur != read_head_) {
// Skip embedded buffer // Skip embedded buffer, and continue deallocating again starting from it
if (cur == &head_) { if (cur == &head_) {
prev->next_ = cur;
prev = cur;
cur = head_.next_; cur = head_.next_;
continue; continue;
} }
@ -242,11 +245,11 @@ void NodeBIO::FreeEmpty() {
assert(cur->write_pos_ == cur->read_pos_); assert(cur->write_pos_ == cur->read_pos_);
Buffer* next = cur->next_; Buffer* next = cur->next_;
child->next_ = next;
delete cur; delete cur;
cur = next; cur = next;
} }
assert(prev == child || prev == &head_);
prev->next_ = cur;
} }