From 56f1e8b368d08a08ed09cef2dd6371000ebfe51c Mon Sep 17 00:00:00 2001
From: Krzysztof Oledzki <ole@ans.pl>
Date: Thu, 11 Oct 2007 18:30:14 +0200
Subject: [PATCH] [BUG] fix double-free during clean exit

This patch fixes a nasty bug raported by both glibc and valgrind, which
leads into a problem that haproxy does not exit when a new instace
starts ap (-sf/-st).

==9299== Invalid free() / delete / delete[]
==9299==    at 0x401D095: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==9299==    by 0x804A377: deinit (haproxy.c:721)
==9299==    by 0x804A883: main (haproxy.c:1014)
==9299==  Address 0x41859E0 is 0 bytes inside a block of size 21 free'd
==9299==    at 0x401D095: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==9299==    by 0x804A84B: main (haproxy.c:985)
==9299==

6542  open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file
or directory)
6542  writev(2, [{"*** glibc detected *** ", 23}, {"corrupted double-linked
list", 28}, {": 0x", 4}, {"6ff91878", 8}, {" ***\n", 5}], 5) = -1 EBADF (Bad
file descriptor)

I found this bug trying to find why, after one week with many restarts, I
finished with >100 haproxy process running. ;)
---
 src/haproxy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/haproxy.c b/src/haproxy.c
index fe836308e..fc0cda14e 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -983,6 +983,7 @@ int main(int argc, char **argv)
 		if (pidfile != NULL)
 			fclose(pidfile);
 		free(global.pidfile);
+		global.pidfile = NULL;
 
 		if (proc == global.nbproc)
 			exit(0); /* parent must leave */