mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-01-30 14:31:08 +01:00
27c8da1fd5
Along recent evolutions of the pools, we've lost the ability to reliably detect double-frees because while in the past the same pointer was being used to chain the objects in the cache and to store the pool's address, since 2.0 they're different so the pool's address is never overwritten on free() and a double-free will rarely be detected. This patch sets the caller's return address there. It can never be equal to a pool's address and will help guess what was the previous call path. It will not work on exotic architectures nor with very old compilers but these are not the environments where we're trying to get detailed bug reports, and this is not done by default anyway so we don't care about this limitation. Note that depending on the inlining status of the function, the result may differ but that's no big deal either. A test by placing a double free of an appctx inside the release handler itself successfully reported the trouble during appctx_free() and showed that the return address was in stream_int_shutw_applet() (this one calls the release handler).