Re: CC_send_query_append crash

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: malcolm(dot)macleod(at)tshwanedje(dot)com
Cc: PostgreSQL mailing lists <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: CC_send_query_append crash
Date: 2014-05-01 03:18:00
Message-ID: CAB7nPqTCD9jtjY3F2i-HXR5PZu8GyUQvesUaJLMZOYsSoQ0z=A@mail.gmail.com
Lists: pgsql-odbc

On Wed, Apr 30, 2014 at 1:44 AM, Malcolm MacLeod
<malcolm(dot)macleod(at)tshwanedje(dot)com> wrote:
> The crash seems to occur because CC_send_query_append crash takes a
> local copy of the pointer 'self->sock' at the top of the function,
> 'self' is then passed around to various functions (some of which have
> the side effect of setting self->sock to NULL (and deleting) if there is
> a lost connection) and then the local copy of the pointer (which is now
> dangling) is dereferenced lower down in the function.
> Essentially if there is a disconnect while CC_send_query_append is
> running there is a risk of crash.

Looking at the code, I am seeing that the problem is related to
CC_on_abort where conn->sock is set to NULL when the connection is
considered as dead. And I am indeed seeing two code paths (when
sending the 'C' message there is an ABORT check and in cleanup
section) that could use this NULL socket afterwards. Your patch is
perhaps a bit too much. So I am proposing the attached patch instead.
Let me know if this fixes your issue as well.

Regards,
--
Michael

Attachment: 20140501_psqlodbc_socket_fix.patch (text/plain, 1.6 KB)
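
The failure mode discussed in this message, as an added example that is neither psqlodbc code nor either poster's patch: a pointer cached before a call that can free and clear the field it was copied from. `Conn`, `Sock`, `on_abort`, `send_query` and `conn_new` are hypothetical stand-ins, and the disconnect is simulated by a flag.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the driver's connection and socket objects. */
typedef struct { int bytes_sent; } Sock;
typedef struct { Sock *sock; int dead; } Conn;

/* Models the side effect described for CC_on_abort: when the connection
 * is considered dead, the socket is freed and conn->sock becomes NULL. */
static void on_abort(Conn *conn)
{
    if (conn->dead && conn->sock != NULL) {
        free(conn->sock);
        conn->sock = NULL;
    }
}

static void sock_put(Sock *s, const char *msg) { s->bytes_sent += (int) strlen(msg); }

/* Returns 0 on success, -1 when the connection is lost.
 * Crash-prone shape: `Sock *sock = self->sock;` taken once at the top and
 * dereferenced after on_abort(). Here self->sock is re-read and checked
 * after every call that can reset it. */
int send_query(Conn *self, const char *query, int drop_midway)
{
    if (self->sock == NULL)
        return -1;
    sock_put(self->sock, query);
    if (drop_midway)
        self->dead = 1;          /* constructed: simulate a disconnect */
    on_abort(self);              /* may free and clear self->sock */
    if (self->sock == NULL)
        return -1;               /* no stale pointer left to touch */
    sock_put(self->sock, "C");   /* follow-up message on the live socket */
    return 0;
}

Conn *conn_new(void)
{
    Conn *c = calloc(1, sizeof *c);
    if (c != NULL)
        c->sock = calloc(1, sizeof *c->sock);
    return c;
}

int main(void)
{
    Conn *c = conn_new();
    if (c == NULL || c->sock == NULL) return 1;
    printf("normal: %d\n", send_query(c, "SELECT 1", 0));
    printf("dropped: %d\n", send_query(c, "SELECT 1", 1));
    free(c->sock); free(c);
    return 0;
}
```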
