You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

48 lines
1.6 KiB

From 164a98ea6b24fea3433516dcc0df496929674cdd Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 7 Jun 2016 12:43:38 +0200
Subject: [PATCH] sd-netlink: fix deep recursion in message destruction
On larger systems we might very well see messages with thousands of parts.
When we free them, we must avoid recursing into each part, otherwise we
very likely get stack overflows.
Fix sd_netlink_message_unref() to use an iterative approach rather than
recursion (also avoid tail-recursion in case it is not optimized by the
compiler).
(cherry picked from commit 82e4eda664d40ef60829e27d84b1610c2f4070cd)
Resolves: #1330593
---
src/libsystemd/sd-rtnl/rtnl-message.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
index 276591f31b..9276bbdebc 100644
--- a/src/libsystemd/sd-rtnl/rtnl-message.c
+++ b/src/libsystemd/sd-rtnl/rtnl-message.c
@@ -584,7 +584,9 @@ sd_rtnl_message *sd_rtnl_message_ref(sd_rtnl_message *m) {
}
sd_rtnl_message *sd_rtnl_message_unref(sd_rtnl_message *m) {
- if (m && REFCNT_DEC(m->n_ref) == 0) {
+ sd_rtnl_message *t;
+
+ while (m && REFCNT_DEC(m->n_ref) == 0) {
unsigned i;
free(m->hdr);
@@ -592,9 +594,9 @@ sd_rtnl_message *sd_rtnl_message_unref(sd_rtnl_message *m) {
for (i = 0; i <= m->n_containers; i++)
free(m->rta_offset_tb[i]);
- sd_rtnl_message_unref(m->next);
-
- free(m);
+ t = m;
+ m = m->next;
+ free(t);
}
return NULL;