Bug 30639

Summary: apmd crashes on SIGHUP (under certain conditions)
Product: Base System
Reporter: Ralf Meyer <meyerr>
Component: bin
Assignee: Murray Stokely <murray>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description Ralf Meyer 2001-09-18 04:40:01 UTC
After putting one apm_battery entry in apmd.conf, apmd crashes when receiving a 
SIGHUP. As far as I can see the crash is caused by a possible call to free with
an invalid pointer in the function destroy_config. This is due to the (faulty) double
advancement of the pointer to the linked-list of battery entries.

Fix: 

!       while( battery_watch_list ) {
                free_event_cmd_list(battery_watch_list->cmdlist);
--- 412,414 ----

!       for( ; battery_watch_list; battery_watch_list = battery_watch_list -> next) {
                free_event_cmd_list(battery_watch_list->cmdlist);--itH9DLkUD9OKtXhunJ5fqpMjBjU5PKrkJ0cd5Ip7qXhZ9jxR

*** apmd.c      Mon Sep 17 22:26:25 2001
--- apmd.c.ori  Mon Aug 20 18:39:50 2001
***************
*** 412,414 ****
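
Review bot: the file headers put the modified apmd.c on the *** (from) side and apmd.c.ori on the --- (to) side, so this diff is reversed: read as written, it turns the while( battery_watch_list ) loop back into the for( ; battery_watch_list; battery_watch_list = battery_watch_list -> next) loop, and it would need patch -R to apply as the fix. Please regenerate it as diff -c apmd.c.ori apmd.c. The hunk also shows only the loop header and the free_event_cmd_list() call at 412,414; the advancement inside the loop body that the description relies on is outside the context, so a few more context lines covering the rest of the body would let a reviewer confirm that dropping the for-increment leaves exactly one advancement per iteration.
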
How-To-Repeat:

Stop apmd
Activate one (not two) apm_battery entries in apmd.conf
Start apmd
Send SIGHUP to apmd

Since the problem is IMHO related to an invalid call to free(), the exact outcome of 
this might depend on other factors.
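
The double advancement described in this report, modelled as an added C example (not part of the original report and not apmd's code). It assumes the loop body saves the next pointer, frees the entry and advances the list head itself, which the report implies but does not show; struct entry, make_list, faulty_teardown and fixed_teardown are hypothetical names.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a battery entry; only the link matters here. */
struct entry { struct entry *next; };

/* Build a list of n entries (constructed sample input). */
struct entry *make_list(int n)
{
    struct entry *head = NULL, *e;
    while (n-- > 0) {
        if ((e = malloc(sizeof(*e))) == NULL) abort();
        e->next = head;
        head = e;
    }
    return head;
}

/* Model of the faulty loop (assumed body: save next, free, advance). Returns
 * entries the real loop would skip and leak, or -1 where its for-increment
 * would read ->next through NULL. Skipped entries are freed by the model. */
int faulty_teardown(struct entry *list)
{
    int skipped = 0;
    while (list != NULL) {
        struct entry *q = list->next;    /* body: first advancement */
        free(list);
        list = q;
        if (list == NULL) return -1;     /* increment would be NULL->next */
        q = list->next;                  /* increment: second advancement */
        free(list);
        list = q;
        skipped++;
    }
    return skipped;
}

/* Corrected loop: one advancement per iteration. Returns entries freed. */
int fixed_teardown(struct entry *list)
{
    int freed = 0;
    while (list != NULL) {
        struct entry *q = list->next;
        free(list);
        list = q;
        freed++;
    }
    return freed;
}

int main(void) { return faulty_teardown(make_list(1)) == -1 ? 0 : 1; }
```

Under that assumption, the model reaches the NULL read for any odd number of entries and skips every second entry for an even number.
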
Comment 1 Murray Stokely freebsd_committer freebsd_triage 2003-05-11 21:56:18 UTC
Responsible Changed
From-To: freebsd-bugs->murray

And this one..
Comment 2 Matthew N. Dodd freebsd_committer freebsd_triage 2003-06-22 07:04:36 UTC
State Changed
From-To: open->closed

Similar code committed in version 1.5 by nsayer.