Bas Zoetekouw wrote:
> > I've tracked it down to this hunk:
> >
> > +#ifdef USE_ICONV /* we've copied this string */
> > +  slrn_free (h->from);
> > +#endif
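Review bot: the slrn_free (h->from) under #ifdef USE_ICONV runs unconditionally, so it is only correct if h->from holds its own allocation on every path that reaches this point, which the comment "we've copied this string" asserts but the hunk does not check. The Valgrind report later in this message shows free_header (art.c:477) releasing an address 72 bytes inside a 108-byte block that was already freed at art.c:475; if that second free is this call, h->from was pointing into another block and not at a separate copy. Suggest freeing h->from only when the header is known to own the copy (for example by recording that where the copy is made), and extending the comment to say where the copy happens.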
> >
> > This triggers a double free. With "slrn_free (h->from);" removed slrn
> > works w/o segfaults.
> 
> Yes, that's what I expected.  However, simply removing the slrn_free()
> will result in lots of memleaks.
> I'm not sure what is happening, because the h->from is explicitly malloced
> in process_xover(), which is also the only place in the source (afaics)
> where any Slrn_Header_Type is malloced.
> So, the only thing I can think of is that slrn messes with the from field
> somewhere else in the code.  I'll try looking into it later today...

Turns out I was wrong with the double free idea:

==14705== Invalid free() / delete / delete[]
==14705==    at 0x401D0CA: free (vg_replace_malloc.c:233)
==14705==    by 0x40A6B10: SLfree (in /lib/libslang.so.2.0.6)
==14705==    by 0x8050068: free_header (art.c:477)
==14705==    by 0x8055316: art_xpunge (art.c:6881)
==14705==    by 0x807A7C1: main (slrn.c:1786)
==14705==  Address 0x5111198 is 72 bytes inside a block of size 108 free'd
==14705==    at 0x401D0CA: free (vg_replace_malloc.c:233)
==14705==    by 0x40A6B10: SLfree (in /lib/libslang.so.2.0.6)
==14705==    by 0x805005D: free_header (art.c:475)
==14705==    by 0x8055316: art_xpunge (art.c:6881)
==14705==    by 0x807A7C1: main (slrn.c:1786)

I'll dig further on Sunday.

Cheers,
        Moritz
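
The Valgrind report above describes a free of an address inside a block, not at its start. As an added example (not code from this thread or from slrn; the Header type and all function names are hypothetical), the following C sketch tracks whether a field owns its allocation so that the cleanup path neither leaks a copied string nor frees an interior pointer. It assumes a field can either point into a larger block or hold a separate copy, which the thread has not confirmed as the cause.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a header record; not slrn's Slrn_Header_Type. */
typedef struct {
    char *raw;      /* one allocation holding the whole overview line */
    char *from;     /* points into raw, or at a separately allocated copy */
    int from_owned; /* 1 only when from has its own allocation */
} Header;

/* Borrowed field: from becomes an interior pointer into raw. */
int header_init(Header *h, const char *line, size_t from_off)
{
    size_t n = strlen(line) + 1;
    if (from_off >= n || (h->raw = malloc(n)) == NULL)
        return -1;
    memcpy(h->raw, line, n);
    h->from = h->raw + from_off;
    h->from_owned = 0;
    return 0;
}

/* Copied field: what a charset conversion step would leave behind. */
int header_set_from_copy(Header *h, const char *converted)
{
    size_t n = strlen(converted) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, converted, n);
    if (h->from_owned)
        free(h->from); /* release an earlier copy, never the borrowed pointer */
    h->from = copy;
    h->from_owned = 1;
    return 0;
}

/* Frees from only when it is owned; returns how many blocks were released. */
int header_free(Header *h)
{
    int released = 0;
    if (h->from_owned) { free(h->from); released++; }
    if (h->raw != NULL) { free(h->raw); released++; }
    h->raw = h->from = NULL;
    h->from_owned = 0;
    return released;
}
```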