From a00b06ea93a91f784cf8b41fc493e589a14a80b4 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Date: Wed, 19 Mar 2008 17:44:16 +0000
Subject: bugfix: potential segfault on module unload. Thanks to varmojfekoj for the patch
---
 ChangeLog | 2 ++
 modules.c | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index a64fde44..bb1ac1ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ Version 3.12.4 (rgerhards), 2008-03-??
 - bugfix/doc: removed no longer supported -h option from man page
 - bugfix: imklog leaked several hundered KB on each HUP. Thanks to varmojfekoj for the patch
+- bugfix: potential segfault on module unload. Thanks to varmojfekoj for
+ the patch
 ---------------------------------------------------------------------------
 Version 3.12.3 (rgerhards), 2008-03-18
 - added advanced flow control for congestion cases (mode depending on message
diff --git a/modules.c b/modules.c
index 4f4fed11..e6558a7e 100644
--- a/modules.c
+++ b/modules.c
@@ -700,7 +700,9 @@ Release(char *srcFile, modInfo_t **ppThis)
 /* we have a zero refcount, so we must unload the module */
 dbgprintf("module '%s' has zero reference count, unloading...\n", pThis->pszName);
 modUnlinkAndDestroy(&pThis);
- *ppThis = NULL; /* nobody can access it any longer! */
+ /* we must NOT do a *ppThis = NULL, because ppThis now points into freed memory! * If in doubt, see obj.c::ReleaseObj() for how we are called. */
 }
 RETiRet;
-- cgit
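Review bot: Dropping the store after `modUnlinkAndDestroy(&pThis);` removes the write into freed memory, but Release() now never clears the caller's handle, so any caller whose `ppThis` storage outlives the module is left holding a dangling pointer. If `pThis` is a local copy of `*ppThis` (its assignment is outside this hunk, so this is inferred), the reset can be kept safely by doing it first: `*ppThis = NULL;` on the line before `modUnlinkAndDestroy(&pThis);`, while that storage is still valid. Should the unload path need the pointer intact, the function's header comment should at least state that on a zero refcount the caller's pointer is left untouched and must not be used again. Release()'s body starts and ends outside the hunk.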