[Mono-list] Bug in RecvFrom_internal

Jonathan Liger Jonathan Liger" <Jonathan.liger@wanadoo.fr
Wed, 21 Aug 2002 22:13:44 +0200

This is a multi-part message in MIME format.

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

I think I have found a bug in one of the low level socket methods in the
Mono framework :
In gint32 ves_icall_System_Net_Sockets_Socket_RecvFrom_internal(SOCKET,
MonoArray *, gint32, gint32, gint32, MonoObject **), the pointer 'sa' was
used after having been 'g_free'-ed.
The corresponding patch is attached to this mail.

In fact, it was just a simple bug, but it took me a while to see where it
came from (I just had address familly problems when using the UdpClient).
Anyway, hunting that bug made me know a bit better how all this worked.

Jonathan LIGER

Content-Type: application/octet-stream;
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;

diff -ru mono-0.12/mono/metadata/socket-io.c =
--- mono-0.12/mono/metadata/socket-io.c	2002-08-21 22:52:21.000000000 =
+++ mono/mono/metadata/socket-io.c	2002-08-21 22:52:41.000000000 +0200=0A=
@@ -791,13 +791,14 @@=0A=
 	buf=3Dmono_array_addr(buffer, guchar, offset);=0A=
 	ret=3Drecvfrom(sock, buf, count, recvflags, sa, &sa_size);=0A=
-	g_free(sa);=0A=
 	if(ret=3D=3DSOCKET_ERROR) {=0A=
+		g_free(sa);=0A=
 	*sockaddr=3Dcreate_object_from_sockaddr(sa, sa_size);=0A=
+	g_free(sa);=0A=