bug in xfaces-3.3

Philippe Charnier (charnier@xp11.frmug.org)
Sun, 03 Nov 1996 14:52:02 +0100

Hello,

According to the README, I sent this to liebman@zod.clark.net, but I got (Name
server: zod.clark.net: host not found), so here is again:

I found use of a reference that can be unallocated. Please find the
enclosed patch.

===================================================================
RCS file: mail_items.c,v
retrieving revision 1.1
diff -u -r1.1 mail_items.c
--- mail_items.c 1996/11/01 11:03:57 1.1
+++ mail_items.c 1996/11/01 13:02:54
@@ -351,9 +351,18 @@
MailBoxClean()
{
MailItem *item;
-
- for (item = TheMailItems; item != NULL; item = item->next)
+ MailItem *next_item;
+
+ for (item = TheMailItems; item != NULL; item = next_item)
{
+ /*
+ * Save item->next here because if MailItemFree() is called, it will
+ * free item and we won't be able to access it after the call.
+ * Found by phkmalloc. Philippe Charnier (charnier@xp11.frmug.org)
+ * 11/96.
+ */
+ next_item = item->next;
+
if (item->in_use == 0)
{
MailItemFree(item);

------ ------
Philippe Charnier charnier@lirmm.fr (smtp)
charnier@xp11.frmug.org (uucp)

``a PC not running FreeBSD is like a venusian with no tentacles''
------------------------------------------------------------------------