Deleting first fs left psstate->servers pointing to uninitialized memory

 ... possibly causing infinite loops in peerAddFwdServer().

TODO: The condition itself is excessive. If fs is not nil, the previous check
already tells us that the Config.forward_max_tries limit is exceeded.

diff --git a/src/peer_select.cc b/src/peer_select.cc
index 19e337105a6171af3eaca6253c4767217bba20a0..9c26a20c57af8c2fc3d425d54c7b4572e0c38046 100644 (file)
--- a/src/peer_select.cc
+++ b/src/peer_select.cc
@@ -271,11 +271,12 @@ peerSelectDnsPaths(ps_state *psstate)
     // due to the allocation method of fs, we must deallocate each manually.
     // TODO: use a std::list so we can get the size and abort adding whenever the selection loops reach Config.forward_max_tries
     if (fs && psstate->paths->size() >= (unsigned int)Config.forward_max_tries) {
+        assert(fs == psstate->servers);
         while (fs) {
-            FwdServer *next = fs->next;
+            psstate->servers = fs->next;
             cbdataReferenceDone(fs->_peer);
             memFree(fs, MEM_FWD_SERVER);
-            fs = next;
+            fs = psstate->servers;
         }
     }