[BUG] fix double-free during clean exit

This patch fixes a nasty bug raported by both glibc and valgrind, which
leads into a problem that haproxy does not exit when a new instace
starts ap (-sf/-st).

==9299== Invalid free() / delete / delete[]
==9299==    at 0x401D095: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==9299==    by 0x804A377: deinit (haproxy.c:721)
==9299==    by 0x804A883: main (haproxy.c:1014)
==9299==  Address 0x41859E0 is 0 bytes inside a block of size 21 free'd
==9299==    at 0x401D095: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==9299==    by 0x804A84B: main (haproxy.c:985)
==9299==

6542  open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file
or directory)
6542  writev(2, [{"*** glibc detected *** ", 23}, {"corrupted double-linked
list", 28}, {": 0x", 4}, {"6ff91878", 8}, {" ***\n", 5}], 5) = -1 EBADF (Bad
file descriptor)

I found this bug trying to find why, after one week with many restarts, I
finished with >100 haproxy process running. ;)

diff --git a/src/haproxy.c b/src/haproxy.c
index fe836308ede4fc67a2a126c76068549769b0bd53..fc0cda14eaf59283441ef8a7f9fcfab17cc45562 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -983,6 +983,7 @@ int main(int argc, char **argv)
                if (pidfile != NULL)
                        fclose(pidfile);
                free(global.pidfile);
+               global.pidfile = NULL;
 
                if (proc == global.nbproc)
                        exit(0); /* parent must leave */