As a further note i believe
the reason it gets in to the loop and then into if(replace_old) {
the second time is because we dont reset replace_old
I think we need to reset that in
if(replace_old) {
        co->next = clist->next; /* get the next-pointer first */
...
+ replace_old = FALSE;
}

Am I right

Regards
Bharath

"T. Bharath" wrote:

> There seems to be a prob in Curl_cookie_add, to be more specific in the
> bloc
> if(replace_old) {
> co->next = clist->next; /* get the next-pointer first */
> ...
> }
> What really happens is when the old cookie is replaced by a new one
> the first time we do a
> free(co); /* free the newly alloced memory */
> co = clist;
> co is no longer pointing to the newly alloced mem
> Now lets say we continue the loop a few more times but all along co is
> not reset and
> points to the link which was replaced
> after a few iteration again we get in to the above bloc,this time we
> copy the
> contents of co and delete the co which is pointing to a valid link(not
> allocated by us)
> and this actually causes the c->cookies->next to end in a dangling
> pointer and also that we
> lose track of valid cookies in the list
>
> Regards
> Bharath
Received on 2002-01-07