Oops! There's a double free. When the list of raw addresses from
mail_adr_list() is copied into the dsnusers list by wrapping each address in a
dsn structure, the address pointer is pointed into the address list rather
than actually copied. So dsnuser_free() and list_freelist() both free the
address.

The simple fix is to strdup() the address. A more involved fix is to have a
flag that lets dsnuser_free() know if it owns the address pointer or not. I'm
inclined to go with the former; a patch is posted on SourceForge.

Thanks for committing the patch!

Aaron


Ilja Booij <[EMAIL PROTECTED]> said:

> Hi all,
> 
> starting a new thread here, I kind of lost track of the previous one and 
> might have deleted some emails that I should not have deleted...
> 
> Anyway, I applied the latest set of patches made by Aaron.
> Most stuff seems to work, but there is some stuff that is not working.
> 
> When I take a test-message and send that using
> dbmail-smtp -n (using Deliver-To: <address> in the message)
> dbmail segfaults. It segfaults on freeing the users list
> 
> (line 340 of main.c: list_freelist(users.start);)
> 
> There are two other things (these were already there before applying 
> Aaron's patches):
> 
> * the read_header() function in header.c seems to hang on an fgets().
> * dbmail sometimes segfaults on the delivery of a message (another 
> segfault than the one mentioned above)
> 
> Ilja
> 
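The two fixes weighed in the reply above (copying each address with strdup(), or a flag that tells the free routine whether it owns the pointer), as an added example that is not part of the original e-mail or dbmail's code. `struct node`, `struct dsn_entry`, `owns_address` and every function here are hypothetical, simplified stand-ins, and the addresses are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified, hypothetical stand-ins; not dbmail's real structures. */
struct node { char *data; struct node *next; };         /* raw address list */
struct dsn_entry { char *address; int owns_address; };  /* per-recipient wrapper */
static int frees;  /* number of address strings released */

static char *dup_str(const char *s) {  /* same job as strdup(), in plain ISO C */
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    return strcpy(p, s);
}
static struct node *list_add(struct node *head, const char *s) {
    struct node *n = malloc(sizeof *n);
    if (!n) abort();
    n->data = dup_str(s);
    n->next = head;
    return n;
}
static void list_free(struct node *head) {  /* frees nodes and their strings */
    while (head) {
        struct node *next = head->next;
        free(head->data); frees++;
        free(head);
        head = next;
    }
}

/* copy=1: the strdup() fix, the wrapper owns a private copy.
 * copy=0: the wrapper borrows the list's pointer and records that fact. */
static void entry_init(struct dsn_entry *e, struct node *n, int copy) {
    e->address = copy ? dup_str(n->data) : n->data;
    e->owns_address = copy;
}
/* Freeing a borrowed pointer here, then again in list_free(), is the double free. */
static void entry_free(struct dsn_entry *e) {
    if (e->owns_address) { free(e->address); frees++; }
    e->address = NULL;
}

int run(int copy) {  /* wrap, free wrappers, free list; returns string frees */
    struct node *users = list_add(list_add(NULL, "a@example.com"), "b@example.com");
    struct dsn_entry e[2];
    int i = 0;
    frees = 0;
    for (struct node *n = users; n; n = n->next) entry_init(&e[i++], n, copy);
    for (i = 0; i < 2; i++) entry_free(&e[i]);
    list_free(users);
    return frees;
}

int main(void) { return !(run(1) == 4 && run(0) == 2); }
```

Either way each allocation is released exactly once: four frees with copies (two originals, two duplicates), two with borrowed pointers. Building with `-fsanitize=address` and dropping the `owns_address` check in the borrowed case reproduces the reported crash as a double-free report.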


