After LDFree(listener), it still access listener which will cause segment crash.

SunnySun852963 commented 2 years ago

Describe the bug


LDi_storeUnregisterListener(
    struct LDStore *const store, const char *const flagKey, LDlistenerfn op)
{
    struct LDStoreListener *listener, *previous;

    LD_ASSERT(store);
    LD_ASSERT(flagKey);
    LD_ASSERT(op);

    previous = NULL;

    LDi_rwlock_wrlock(&store->lock);

    for (listener = store->listeners; listener; listener = listener->next) {
        if (listener->fn == op && strcmp(flagKey, listener->key) == 0) {
            if (previous) {
                previous->next = listener->next;
            } else {
                store->listeners = listener->next;
            }

            LDFree(listener->key);
            LDFree(listener);
        } else {
            previous = listener;
        }
    }

    LDi_rwlock_wrunlock(&store->lock);
}```

There is a bug here. After  LDFree(listener), it still access listener which will cause segment crash.

cwaldren-ld commented 2 years ago

Hi @SunnySun852963, thank you for the report. We will take a look.

Filed internally as 143438.

cwaldren-ld commented 2 years ago

Hi @SunnySun852963 , this should be fixed in 2.4.4. Thanks again for the report.

launchdarkly / c-client-sdk

After LDFree(listener), it still access listener which will cause segment crash. #73