Deleting first fs left psstate->servers pointing to uninitialized memory

possibly causing infinite loops in peerAddFwdServer().

TODO: The condition itself is excessive. If fs is not nil, the previous check
already tells us that the Config.forward_max_tries limit is exceeded.

diff --git a/src/peer_select.cc b/src/peer_select.cc
index 0470784e8698df17cb916bebd97b3ca5e7e4721c..77054912de84082a12352da0db241fb9e779f7db 100644 (file)
--- a/src/peer_select.cc
+++ b/src/peer_select.cc
@@ -263,11 +263,12 @@ peerSelectDnsPaths(ps_state *psstate)
     // due to the allocation method of fs, we must deallocate each manually.
     // TODO: use a std::list so we can get the size and abort adding whenever the selection loops reach Config.forward_max_tries
     if (fs && psstate->paths->size() >= (unsigned int)Config.forward_max_tries) {
+        assert(fs == psstate->servers);
         while (fs) {
-            FwdServer *next = fs->next;
+            psstate->servers = fs->next;
             cbdataReferenceDone(fs->_peer);
             memFree(fs, MEM_FWD_SERVER);
-            fs = next;
+            fs = psstate->servers;
         }
     }