sunzhenguo / pacparser

Automatically exported from code.google.com/p/pacparser
GNU Lesser General Public License v3.0

Wrong argument in freeaddrinfo tries to free nullpointer #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Using runtest on Solaris with Sun Studio 12 results in a core dump with the 
following stack trace:

core 'core' of 5830:    
/home/dam/mgar/pkg/pacparser/trunk/work/solaris9-sparc/build-isa-sparc
 ff1e4880 freeaddrinfo (0, ff1680a8, ffbfec26, ffbfea5e, 0, 0) + 4
 ff026e9c resolve_host (ffbfeb20, ffbfec26, 1, 4d948, 1, ffbfed58) + 19c
 ff027204 ???????? (24fa8, 276c0, 0, 4d950, ffbfed58, 4f8a3)
 ff0a16f4 js_Invoke (24fa8, 0, 0, ffbff0b4, ffbff038, 4f8a3) + 116c
 ff0b5d2c js_Interpret (24fa8, 4c298, ffbff170, 24ff0, 0, 0) + 11ffc
 ff0a2544 js_Execute (24fa8, 276c0, 4c268, 0, 0, ffbff378) + 474
 ff0468b0 JS_EvaluateUCScriptForPrincipals (24fa8, 276c0, 0, 4c1e8, 3a, 0) + d0
 ff0467ac JS_EvaluateUCScript (24fa8, 276c0, 4c1e8, 3a, 0, 1) + 5c
 ff046608 JS_EvaluateScript (24fa8, 276c0, 3d5d8, 3a, 0, 1) + 98
 ff028184 pacparser_find_proxy (ffbffa4b, 4d64f, 11a3c, 4d64f, 4d64f, 4d65d) + 454
 00011564 main     (5, ffbff85c, ffbff874, 0, 7d8, ffbff964) + 384
 00010b60 _start   (0, ffbff85c, 1, ff3dc608, ff3ee834, ff3ee000) + 108

The problem is that freeaddrinfo is called on "ai" which may be null. This 
fixes the issue:

--- a/src/pacparser.c
+++ b/src/pacparser.c
@@ -112,7 +112,7 @@ resolve_host(const char *hostname, char *ipaddr_list, int 
max_results)
     if (ipaddr_list[0] == '\0') sprintf(ipaddr_list, "%s", ipaddr);
     else sprintf(ipaddr_list, "%s;%s", ipaddr_list, ipaddr);
   }
-  freeaddrinfo(ai);
+  freeaddrinfo(result);
   return 0;
 }
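
Review bot: the context line `else sprintf(ipaddr_list, "%s;%s", ipaddr_list, ipaddr);` at the top of this hunk passes `ipaddr_list` as both the destination and a source argument, which is undefined behaviour for `sprintf` because the objects overlap, and neither `sprintf` call bounds the write into `ipaddr_list`. Consider a follow-up that appends at the current end of the buffer with `snprintf` and an explicit remaining-size argument. On the changed line, `freeaddrinfo(result)` is correct only if `result` is the list head filled in by the resolver call and `ai` is just the loop cursor; the declarations and any early-return paths are outside this hunk, so it is worth confirming that every exit after a successful lookup frees `result` and that it is never passed to `freeaddrinfo` when the lookup failed.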

Original issue reported on code.google.com by honkma...@googlemail.com on 7 Dec 2010 at 10:24

GoogleCodeExporter commented 9 years ago

Original comment by manugarg on 7 Dec 2010 at 5:53

GoogleCodeExporter commented 9 years ago
I have just cut a new release (1.2.7) which includes this patch. Thanks again 
honkman2 for reporting this bug and providing the patch.

Original comment by manugarg on 13 Dec 2010 at 7:33