From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 19 Jul 2014 16:14:11 +0000 (+0100)
Subject: sel/bres.c (zap): Don't scramble the freelist when a query is aborted.
X-Git-Tag: 2.2.2~3
X-Git-Url: https://git.distorted.org.uk/~mdw/mLib/commitdiff_plain/a736dc9c17aa9ba7cd65b092a7817a6c7853672a?hp=a736dc9c17aa9ba7cd65b092a7817a6c7853672a

sel/bres.c (zap): Don't scramble the freelist when a query is aborted.

If a query is aborted after it's been committed to a server process,
then we kill the server and return its control block to the freelist.
Unfortunately, the function which does this, `zap', unconditionally
tries to unlink the control block from its current position in the
freelist; but it wasn't actually there before.  The result is that
another server control block might be linked back into the freelist.
Attaching a second client to it while it's already in use fails when
`attach' tries to remove the server's idle timer, which isn't active: at
this point, we get a segfault.
---