lightningd: fix reconnect while openingd still live.
In this case, we unset the old subd->peer, then freed subd. peer_owner_finished dereferenced subd->peer->owner, and boom: test_disconnect_funder (__main__.LightningDTests) ... Fatal signal 11. Log dumped in crash.log ------------------------------- Valgrind errors -------------------------------- Valgrind error file: valgrind-errors.2882 ==2882== Invalid read of size 8 ==2882== at 0x413F74: peer_owner_finished (peer_control.c:679) ==2882== by 0x41EA2C: destroy_subd (subd.c:381) ==2882== by 0x459700: notify (tal.c:240) ==2882== by 0x459BB1: del_tree (tal.c:400) ==2882== by 0x459FC0: tal_free (tal.c:509) ==2882== by 0x413796: peer_reconnected (peer_control.c:493) ==2882== by 0x413A6A: add_peer (peer_control.c:592) ==2882== by 0x40ED1F: handshake_succeeded (new_connection.c:186) ==2882== by 0x41E3DD: sd_msg_reply (subd.c:262) ==2882== by 0x41E6BB: sd_msg_read (subd.c:318) ==2882== by 0x41E4E6: read_fds (subd.c:283) ==2882== by 0x44DEB4: next_plan (io.c:59) ==2882== Address 0x838 is not stack'd, malloc'd or (recently) free'd ==2882== Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
parent
71618d07e6
commit
e8dadbc0fb
|
|
@ -490,7 +490,7 @@ static bool peer_reconnected(struct lightningd *ld,
|
|||
|
||||
case OPENINGD:
|
||||
/* Kill off openingd, forget old peer. */
|
||||
peer->owner->peer = NULL;
|
||||
peer->owner = NULL; /* We'll free it ourselves */
|
||||
tal_free(peer->owner);
|
||||
tal_free(peer);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue