From c0ea37cf30d64b778fea39ccd3a788dcc61185df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Wed, 26 Nov 2014 11:07:24 +0100
Subject: [PATCH] unix: fix processing process handles queue

Make sure we initialize it after the handle was removed from the pending queue so that QUEUE_REMOVE doesn't do an invalid write when the process is closed.

Valgrind output:

==4362== Invalid write of size 8
==4362== at 0x407DB8: uv__process_close (process.c:515)
==4362== by 0x404F94: uv_close (core.c:138)
==4362== by 0x4037C5: main (invalid_write.c:33)
==4362== Address 0xffeffc820 is not stack'd, malloc'd or (recently) free'd
==4362==
==4362== Invalid write of size 8
==4362== at 0x407DC3: uv__process_close (process.c:515)
==4362== by 0x404F94: uv_close (core.c:138)
==4362== by 0x4037C5: main (invalid_write.c:33)
==4362== Address 0xffeffc828 is not stack'd, malloc'd or (recently) free'd

Refs: joyent/libuv/issues/1584
---
 src/unix/process.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/unix/process.c b/src/unix/process.c
index 0aff5fd3..be283b48 100644
--- a/src/unix/process.c
+++ b/src/unix/process.c
@@ -85,9 +85,14 @@ static void uv__chld(uv_signal_t* handle, int signum) {
     QUEUE_INSERT_TAIL(&pending, &process->queue);
   }
 
-  QUEUE_FOREACH(q, &pending) {
+  h = &pending;
+  q = QUEUE_HEAD(h);
+  while (q != h) {
     process = QUEUE_DATA(q, uv_process_t, queue);
-    QUEUE_REMOVE(q);
+    q = QUEUE_NEXT(q);
+
+    QUEUE_REMOVE(&process->queue);
+    QUEUE_INIT(&process->queue);
     uv__handle_stop(process);
 
     if (process->exit_cb == NULL)
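Review bot: The added `QUEUE_INIT(&process->queue);` carries an invariant the code never states: `pending` appears to be a local of uv__chld (its declaration is outside the hunk, but the valgrind addresses in the message are neither heap nor live stack), so any handle still linked into it after this function returns holds dangling prev/next pointers, and the self-link is exactly what turns the later `QUEUE_REMOVE` in `uv__process_close` into a harmless write to the handle itself. Without that explanation a maintainer may read the init as redundant right after the remove and drop it, or add an early `return`/`break` to this loop and leave the remaining handles dangling, reintroducing the invalid write. Suggest a comment on that line: `/* Self-link: pending lives on our stack and uv__process_close() will QUEUE_REMOVE() this node again. */`. The loop body and uv__chld continue outside the hunk, so I cannot see where exit_cb is invoked; if it runs inside this loop, advancing `q` before the callback (as the hunk does) is the right order, since the callback may close and unlink the current handle.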