When multiple servers are recycling at the same time (e.g. due to saved change in SCFG), they'd each call sbbs_read_ini() with a shared global_startup struct, which in turn calls sbbs_free_ini(), which would free all the allocated network interface lists (including the global_startup one) using iniFreeStringList (just a wrapper for strListFree), but iniFreeStringList() does NOT modify (NULLify) the freed-pointer, so your second or third server that called sbbs_read_ini(), with the shared MainForm->global structure, would *again* free the same global interface list. This bug actually has always existed because get_ini_globals() freed the global interface list in the same way, except it *immediately* re-allocated a new one by calling iniGetStringList(), so the time window (opportunity) for this race condition to occur was much smaller. Truly, SBBSCTRL should use a mutex or other mechanism to protect the shared global_startup struct, but this is a first step to a full fix: sbbs_free_ini() should (and now does) nullify the freed network interface pointers by using strListFree() directly. I haven't been able to reproduce the crash upon recycle in SBBSCTRL after making this change.
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
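The double free described in the commit message above, reduced to a small model; this is an added example, not Synchronet code. The names `shared_startup`, `free_by_value`, `free_and_null` and `tracked_free` are hypothetical, the two recycling servers run one after the other instead of as threads, and freed blocks are parked in a quarantine rather than released so the stale pointer is never handed to the real `free()`.

```c
#include <stdio.h>
#include <stdlib.h>

typedef const char **str_list_t;

/* Hypothetical stand-in for the struct shared by all servers. */
struct shared_startup { str_list_t interfaces; };

static void *quarantine[64];   /* blocks already "freed" (assumed max 64) */
static int nquar, double_frees;

/* Records the free; a second free of the same block counts as a double free. */
static void tracked_free(void *p) {
    for (int i = 0; i < nquar; i++)
        if (quarantine[i] == p) { double_frees++; return; }
    if (nquar < 64) quarantine[nquar++] = p;
}

static str_list_t list_new(const char *item) {
    str_list_t l = calloc(2, sizeof *l);   /* one entry plus NULL terminator */
    if (l == NULL) abort();
    l[0] = item;
    return l;
}

/* Pointer passed by value: the caller's copy still holds the old address. */
static void free_by_value(str_list_t list) { if (list) tracked_free(list); }

/* Pointer passed by reference: the caller's copy is set to NULL. */
static void free_and_null(str_list_t *list) {
    if (*list) tracked_free(*list);
    *list = NULL;
}

/* Two servers recycle in turn, each freeing the shared interface list.
   Returns how many times an already-freed list was freed again. */
int recycle_twice(int nullify) {
    struct shared_startup g = { list_new("0.0.0.0") };  /* constructed sample */
    double_frees = 0;
    for (int server = 0; server < 2; server++) {
        if (nullify) free_and_null(&g.interfaces);
        else         free_by_value(g.interfaces);
    }
    return double_frees;
}

int main(void) {
    printf("by value:  %d double free(s)\n", recycle_twice(0));
    printf("nullified: %d double free(s)\n", recycle_twice(1));
    for (int i = 0; i < nquar; i++) free(quarantine[i]);  /* release for real */
    return 0;
}
```

Nullifying only makes the repeated call harmless when the calls do not overlap; two threads can still both read the non-NULL pointer before either clears it, which is why the message calls a mutex the full fix.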
From Randy Sommerfeld@VERT to Git commit to main/sbbs/master on Tue Apr 4 02:04:36 2023