Permalink
Browse files

Fixed adb crash due to accessing freed memory

Reset peers to NULL after closing them down. This prevents
other code from attempting to access that freed memory
(which prevents crashes). Previously, it left pointers to
freed memory and the "if (s->peer)" guards could not block
the attempt to access that memory later. Resolves many
crashes seen while taking repeated screenshots on WinXP.

Change-Id: I32553f4d19f6ddc9b05b6ab4dc1e9efe69e5be4f
  • Loading branch information...
1 parent 723054b commit 68dfac145720c41447d6cf892903431fd42cec10 Tom Marlin committed with tpruvot May 13, 2011
Showing with 5 additions and 2 deletions.
  1. +5 −2 adb/sockets.c
View
@@ -218,10 +218,12 @@ static void local_socket_close_locked(asocket *s)
if(s->peer) {
s->peer->peer = 0;
// tweak to avoid deadlock
- if (s->peer->close == local_socket_close)
+ if (s->peer->close == local_socket_close) {
local_socket_close_locked(s->peer);
- else
+ } else {
s->peer->close(s->peer);
+ }
+ s->peer = 0;
}
/* If we are already closing, or if there are no
@@ -753,6 +755,7 @@ static void smart_socket_close(asocket *s)
if(s->peer) {
s->peer->peer = 0;
s->peer->close(s->peer);
+ s->peer = 0;
}
free(s);
}

0 comments on commit 68dfac1

Please sign in to comment.