Hi, Mark!

* Mark Pizzolato - ClamAV-devel <clamav-de...@subscriptions.pizzolato.net> [2014-04-08 00:02]:
> > It appears that for every connection that is accepted by clamd,
> > the current "engine" value is passed in the "conn" struct. The
> > engine struct has a ref count, and a process "grabs" the engine by
> > calling cl_engine_addref(), thus increasing the ref count. Only
> > when cl_engine_free() is called and the ref count is zero is the
> > object actually freed.
>
> It would seem that there is a race condition in this paradigm. The
> reference to the engine object should be added when the engine value
> is set in the conn structure (this determining of the engine value
> AND the addition of the reference count should be done with the
> related mutex held). The current paradigm seems to be creating an
> un-accounted reference and later on incrementing the reference
> value. By the time that increment happens the engine value which
> was passed may have already been freed and thus the pointer being
> dereferenced is no longer pointing at a valid object.

Yes, you are certainly right. Thanks for pointing this out! I will try to
work around this issue some time this week.

Julius
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
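The two patterns Mark contrasts above, as an added C example that is not ClamAV's code and not part of this thread. The `engine` and `conn` structs, `engine_lock`, `reload_engine()` and the `*_accept()` functions are hypothetical stand-ins for clamd's engine object, per-connection struct and database reload; instead of calling free() when the count reaches zero, `engine_release()` sets a `freed` flag so the stale-pointer condition can be checked without undefined behaviour. The "racy" path copies the engine pointer into the conn first and takes the reference later; a reload interleaved between those two steps drops the last reference. The "safe" path selects the engine and bumps the count in one critical section, so the same reload leaves the engine alive until the connection releases it.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for clamd's engine object (added example, not ClamAV code). */
struct engine {
    int refs;   /* reference count, protected by engine_lock */
    int freed;  /* set when refs reaches zero; real code would free() instead */
};

/* Hypothetical stand-in for the per-connection struct. */
struct conn {
    struct engine *engine;  /* engine this connection will scan with */
};

/* One lock guards both the current-engine pointer and every refcount. */
static pthread_mutex_t engine_lock = PTHREAD_MUTEX_INITIALIZER;
static struct engine *current_engine;

static struct engine *engine_new(void) {
    struct engine *e = calloc(1, sizeof *e);
    e->refs = 1;  /* the reference owned by current_engine */
    return e;
}

/* Drop one reference; the object is "freed" when the count hits zero. */
static void engine_release(struct engine *e) {
    pthread_mutex_lock(&engine_lock);
    if (--e->refs == 0)
        e->freed = 1;
    pthread_mutex_unlock(&engine_lock);
}

/* Database reload: install a new engine, then drop the old one's reference. */
static void reload_engine(struct engine *replacement) {
    pthread_mutex_lock(&engine_lock);
    struct engine *old = current_engine;
    current_engine = replacement;
    pthread_mutex_unlock(&engine_lock);
    engine_release(old);
}

/* Racy pattern: the pointer is stored now, the reference would be taken
 * later by the worker thread, outside this critical section. */
static void racy_accept(struct conn *c) {
    pthread_mutex_lock(&engine_lock);
    c->engine = current_engine;  /* no reference taken here */
    pthread_mutex_unlock(&engine_lock);
}

/* Fixed pattern: choose the engine and take the reference under the same lock. */
static void safe_accept(struct conn *c) {
    pthread_mutex_lock(&engine_lock);
    c->engine = current_engine;
    c->engine->refs++;
    pthread_mutex_unlock(&engine_lock);
}

/* Returns 1 if, after an interleaved reload, the connection holds a pointer to
 * a freed engine (the later addref would then write to freed memory). */
int demo_racy(void) {
    struct engine *first = engine_new(), *second = engine_new();
    struct conn c;
    current_engine = first;
    racy_accept(&c);          /* c.engine == first, refs(first) still 1 */
    reload_engine(second);    /* reload before the worker's addref: frees first */
    int stale = c.engine->freed;
    current_engine = NULL;
    free(first);
    free(second);
    return stale;
}

/* Returns 1 if the engine survives the reload and is freed only when the
 * connection releases its reference. */
int demo_safe(void) {
    struct engine *first = engine_new(), *second = engine_new();
    struct conn c;
    current_engine = first;
    safe_accept(&c);          /* refs(first) == 2 */
    reload_engine(second);    /* refs(first) == 1: still alive */
    int alive_after_reload = !c.engine->freed;
    engine_release(c.engine); /* connection done: refs == 0, now freed */
    int freed_after_release = first->freed;
    current_engine = NULL;
    free(first);
    free(second);
    return alive_after_reload && freed_after_release;
}

int main(void) {
    printf("racy pattern leaves a dangling engine pointer: %s\n", demo_racy() ? "yes" : "no");
    printf("safe pattern keeps the engine alive until release: %s\n", demo_safe() ? "yes" : "no");
    return 0;
}
```

The point of keeping the pointer selection and the increment in one critical section is that no reload can observe the old engine with a count of zero while a connection still intends to use it; a refcount taken after the lock is dropped protects nothing, because the object it is meant to protect may already be gone.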