From: Willy Tarreau Date: Thu, 3 Mar 2022 17:31:54 +0000 (+0100) Subject: BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed X-Git-Tag: v2.6-dev3~69 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f9eba78fb82a9ccca2503e318a79be4d7db8d94d;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed Commit e81248c0c ("BUG/MINOR: pool: always align pool_heads to 64 bytes") added a free of the allocated pool in pool_destroy() using ha_free(), but it added a subtle bug by which once the pool is released, setting its address to NULL inside the structure itself cannot work because the area has just been freed. This will need to be backported wherever the patch above is backported. --- diff --git a/src/pool.c b/src/pool.c index 441133e7c7..b3520d744f 100644 --- a/src/pool.c +++ b/src/pool.c @@ -821,7 +821,7 @@ void *pool_destroy(struct pool_head *pool) if (!pool->users) { LIST_DELETE(&pool->list); /* note that if used == 0, the cache is empty */ - ha_free(&pool->base_addr); + free(pool->base_addr); } } return NULL;