From 562548ac5342ee7ce35e41569acf9e67be6f878b Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sat, 21 Feb 2026 12:17:42 +0100 Subject: lib: Fix ssm pool double free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove double-free in ssm_pool_destroy — ssm_pool_close already frees the pool. The pool sharding test had a free spbs/ptrs on partial malloc failure. Now initializes children array to -1 to prevent reading uninitialized values. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/lib/ssm/pool.c | 2 -- src/lib/ssm/tests/pool_sharding_test.c | 5 +++++ 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'src/lib') diff --git a/src/lib/ssm/pool.c b/src/lib/ssm/pool.c index 97313e7d..5c98b515 100644 --- a/src/lib/ssm/pool.c +++ b/src/lib/ssm/pool.c @@ -506,14 +506,12 @@ void ssm_pool_destroy(struct ssm_pool * pool) if (getpid() != pool->hdr->pid && kill(pool->hdr->pid, 0) == 0) { ssm_pool_close(pool); - free(pool); return; } fn = pool_filename(pool->uid); if (fn == NULL) { ssm_pool_close(pool); - free(pool); return; } diff --git a/src/lib/ssm/tests/pool_sharding_test.c b/src/lib/ssm/tests/pool_sharding_test.c index 4ecd2b9c..c53105e3 100644 --- a/src/lib/ssm/tests/pool_sharding_test.c +++ b/src/lib/ssm/tests/pool_sharding_test.c @@ -242,6 +242,8 @@ static int test_fallback_stealing(void) ptrs = malloc(total_blocks * sizeof(uint8_t *)); if (spbs == NULL || ptrs == NULL) { printf("Failed to allocate test arrays.\n"); + free(spbs); + free(ptrs); goto fail_pool; } @@ -326,6 +328,9 @@ static int test_multiprocess_sharding(void) TEST_START(); + for (i = 0; i < SSM_POOL_SHARDS; i++) + children[i] = -1; + pool = ssm_pool_create(getuid(), getgid()); if (pool == NULL) { printf("Failed to create pool.\n"); -- cgit v1.2.3