From 5f6613e36fd7d890db4f201592692982c5231213 Mon Sep 17 00:00:00 2001 From: thorkill Date: Wed, 8 Jul 2015 00:36:22 +0200 Subject: [PATCH] Attempt to fix the heap-use-after-free error in mst_kruskal For some reason the edges ware removed in one direction resulting in e->reverse point into invalid memory. Do not insert edge into edge_weight_tree if not needed. --- src/edge.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/edge.c b/src/edge.c index 0e35cd1e..8feeccb6 100644 --- a/src/edge.c +++ b/src/edge.c @@ -81,13 +81,21 @@ void free_edge(edge_t *e) { } void edge_add(edge_t *e) { - splay_insert(edge_weight_tree, e); - splay_insert(e->from->edge_tree, e); + if (splay_insert(e->from->edge_tree, e)) { + e->reverse = lookup_edge(e->to, e->from); - e->reverse = lookup_edge(e->to, e->from); + if(e->reverse) + e->reverse->reverse = e; - if(e->reverse) - e->reverse->reverse = e; + if (!splay_insert(edge_weight_tree, e)) + logger(DEBUG_ALWAYS, LOG_ERR, + "%s:%d: edge from: %s to: %s exists in edge_weight_tree", + __FUNCTION__, __LINE__, e->from->name, e->to->name); + } else { + logger(DEBUG_ALWAYS, LOG_ERR, + "%s:%d: edge from: %s to: %s exists in e->from->edge_tree", + __FUNCTION__, __LINE__, e->from->name, e->to->name); + } } void edge_del(edge_t *e) {