[haiku-bugs] Re: [Haiku] #10328: [Network Kit] KDL when accessing https sites

  • From: "ttcoder" <trac@xxxxxxxxxxxx>
  • Date: Fri, 20 Dec 2013 15:18:55 -0000

#10328: [Network Kit] KDL when accessing https sites
--------------------------------+----------------------------
   Reporter:  diver             |      Owner:  pulkomandy
       Type:  bug               |     Status:  new
   Priority:  normal            |  Milestone:  R1
  Component:  Kits/Network Kit  |    Version:  R1/Development
 Resolution:                    |   Keywords:
 Blocked By:                    |   Blocking:
Has a Patch:  0                 |   Platform:  All
--------------------------------+----------------------------

Comment (by ttcoder):

 If I didn't screw up searching, the inlined `atomic_add()` is
 [http://cgit.haiku-os.org/haiku/tree/headers/private/shared/WeakReferenceable.h#n269 here]
 and the fUseCount variable is in class BWeakReferenceable
 [http://cgit.haiku-os.org/haiku/tree/headers/private/shared/WeakReferenceable.h#n33 here].

 I guess the KDL hints at the net_socket_private having been `delete`d
 before, thus being reset to deadbeef, including its `BWeakReferenceable`
 part (and/or) its `WeakPointer` member and ''its'' `fUseCount` member...
 So when atomic_add() dereferences the weakpointer to access its
 `fUseCount` it dereferences `0xdeadbeef` plus the offset to that usecount
 variable, == 0xdeadbef7.. So this would be a "heap corruption/double
 free()" scenario.. Sounds correct to any of you kernel gurus?

 Maybe diver could do a `dis` or even `dis -b20` to check how edx ended up
 the way it is..

--
Ticket URL: <http://dev.haiku-os.org/ticket/10328#comment:2>
Haiku <http://dev.haiku-os.org>
Haiku - the operating system.
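The arithmetic in the comment above (a freed object poisoned with 0xdeadbeef, plus the offset of `fUseCount`, giving the faulting address 0xdeadbef7) can be reproduced in a small model. The following C program is an added example, not code from Haiku or from the ticket: the struct layouts are assumptions chosen so that `fUseCount` sits at offset 8 (a vtable slot, a reference count, then the use count, as on a 32-bit build), the `FREED_POISON` fill simulates the kernel heap's free-poisoning, and `poison_offset()` is a hypothetical triage helper that checks whether a fault address is a poison pattern plus a small member offset. The address is computed rather than dereferenced so the program runs without faulting.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed layouts (not Haiku's real headers): fixed-width slots so the
 * offsets are the same on any host. fUseCount lands at offset 8, which is
 * what makes 0xdeadbeef + offset come out as 0xdeadbef7 in the post. */
#define FREED_POISON 0xdeadbeefu

typedef struct {
    uint32_t vtable;          /* stand-in for the C++ vtable pointer */
    uint32_t fReferenceCount; /* stand-in for BReferenceable's counter */
    int32_t  fUseCount;       /* the counter atomic_add() touches */
    uint32_t fObject;         /* stand-in for the back pointer to the object */
} WeakPointer;

typedef struct {
    uint32_t vtable;
    uint32_t fPointer;        /* stand-in for WeakPointer* fPointer */
    uint32_t payload[4];      /* rest of the socket object, irrelevant here */
} SocketPrivate;

/* Simulates free-poisoning: every word of the freed block becomes the
 * poison pattern, including the fPointer member. */
static void poison_freed(void *block, size_t size) {
    uint32_t *w = block;
    for (size_t i = 0; i < size / sizeof(uint32_t); i++)
        w[i] = FREED_POISON;
}

/* The address atomic_add(&s->fPointer->fUseCount, 1) would dereference,
 * computed instead of dereferenced so this program does not fault. */
uint32_t use_count_address(const SocketPrivate *s) {
    return s->fPointer + (uint32_t)offsetof(WeakPointer, fUseCount);
}

/* Hypothetical triage helper: does the fault address look like a poison
 * pattern plus a small member offset? Returns the offset, or -1 if not.
 * Unsigned subtraction wraps to a large value when addr is below poison,
 * which the range check then rejects. */
int poison_offset(uint32_t fault_addr, uint32_t poison, uint32_t max_offset) {
    uint32_t delta = fault_addr - poison;
    return delta <= max_offset ? (int)delta : -1;
}

/* Models the scenario in the comment: the socket object is "deleted" (its
 * memory poisoned) while a stale pointer to it is still used afterwards.
 * The block is kept allocated so reading it here is well defined. */
uint32_t simulate_use_after_free(void) {
    SocketPrivate *s = malloc(sizeof *s);
    memset(s, 0, sizeof *s);
    s->fPointer = 0x80001000u;   /* constructed: a plausible live address */
    poison_freed(s, sizeof *s);  /* the "delete"; fPointer is now 0xdeadbeef */
    uint32_t addr = use_count_address(s);
    free(s);
    return addr;
}

int main(void) {
    uint32_t addr = simulate_use_after_free();
    printf("atomic_add() would touch 0x%08x\n", addr);
    int off = poison_offset(addr, FREED_POISON, 64);
    if (off >= 0)
        printf("consistent with use-after-free: poison 0x%08x + member offset %d\n",
               FREED_POISON, off);
    return 0;
}
```

The same `poison_offset()` check is what a reader does by eye when a KDL shows a register or fault address a few bytes above a known poison value: the difference is the offset of the member that was accessed, which points at the field, and so at the code path, that touched the freed object.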
