Stanislav Brabec wrote:
As the whole econf_file structure is freed by econf_free(file) at the end of blkid_read_config, econf_file structure cannot be defined as static and initialized only once. The econf_free() is not robust enough and keeps a pointer to the garbage after the first call. And if /etc/blkid.conf does not exist, it is called a second time.

Although the patch is correct and fixes the crash, there are still open questions:

- Why are blkid_read_config() and econf_readConfig() called twice with the same parameters? Is it intended behavior?
- If yes, why don't we recycle the configuration and call econf_free()?
- If not, why does it happen?
- And finally, is similar code in logindefs.c vulnerable to a similar type of crash?

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                         e-mail: sbrabec@xxxxxxxx
Křižíkova 148/34 (Corso IIa)                  tel: +420 284 084 060
186 00 Praha 8-Karlín                          fax: +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27  6FA3 717C 209F A04F CD76
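
The handle-lifetime pattern described in the message above, as an added example that is not part of the original mail and not code from the projects it discusses. The names mock_cfg, mock_read, mock_free, read_config_static and read_config_local are hypothetical, and a one-slot static pool stands in for the heap so that reaching a released handle can be reported rather than crashing.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a parsed config handle (not the libeconf type).
 * A one-slot static pool replaces malloc/free so that reaching a released
 * handle is observable here instead of being undefined behaviour. */
struct mock_cfg { int live; char value[16]; };
static struct mock_cfg pool;

static struct mock_cfg *mock_read(const char *v) {
    pool.live = 1;
    snprintf(pool.value, sizeof pool.value, "%s", v);
    return &pool;
}

/* Takes the pointer by value, so it cannot reset the caller's copy. */
static void mock_free(struct mock_cfg *f) { if (f) f->live = 0; }

/* Static handle, initialized once, released on every call.
 * Returns 0 on success, -1 when it reaches a released handle. */
int read_config_static(void) {
    static struct mock_cfg *file = NULL;
    if (!file)
        file = mock_read("constructed");
    if (!file->live)
        return -1;      /* second call: stale address kept from call one */
    mock_free(file);    /* 'file' still holds the old address afterwards */
    return 0;
}

/* Handle with automatic storage: each call owns one read/free pair. */
int read_config_local(void) {
    struct mock_cfg *file = mock_read("constructed");
    int rc = file->live ? 0 : -1;
    mock_free(file);
    return rc;
}

int main(void) {
    int a = read_config_static(), b = read_config_static();
    printf("static handle: first=%d second=%d\n", a, b);
    a = read_config_local(); b = read_config_local();
    printf("local handle:  first=%d second=%d\n", a, b);
    return 0;
}
```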