diff options
| author | Justus Winter <[email protected]> | 2016-07-21 09:49:33 +0000 |
|---|---|---|
| committer | Justus Winter <[email protected]> | 2016-07-21 09:49:33 +0000 |
| commit | 1af2fd44f0a66fd0d94c224319db0b128d42a288 (patch) | |
| tree | 8e881333df448e8342abaad54eff7b623acb7da4 | |
| parent | scd: Fix card removal/reset on multiple contexts. (diff) | |
| download | gnupg-1af2fd44f0a66fd0d94c224319db0b128d42a288.tar.gz gnupg-1af2fd44f0a66fd0d94c224319db0b128d42a288.zip | |
g10: Fix crash.
* g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
cache limit. Previously, this would crash if db_cache_count == count.
Reported-by: Ben Kibbey <[email protected]>
Signed-off-by: Justus Winter <[email protected]>
| -rw-r--r-- | g10/tofu.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/g10/tofu.c b/g10/tofu.c index 471aec6f3..0b9d84822 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1104,8 +1104,14 @@ tofu_closedbs (ctrl_t ctrl) is easy to skip the first COUNT entries since we still have a handle on the old head. */ int skip = DB_CACHE_ENTRIES - count; - while (-- skip > 0) - old_head = old_head->next; + if (skip < 0) + for (old_head = db_cache, skip = DB_CACHE_ENTRIES; + skip > 0; + old_head = old_head->next, skip--) + { /* Do nothing. */ } + else + while (-- skip > 0) + old_head = old_head->next; *old_head->prevp = NULL; @@ -1116,6 +1122,8 @@ tofu_closedbs (ctrl_t ctrl) old_head = db; db_cache_count --; } + + log_assert (db_cache_count == DB_CACHE_ENTRIES); } } |