Regression introduced with 2.11.0:
The failure paths in socket, socketpair and accept4 functions and
methods accidentally release *unused* cygheap_fdmanip objects. The
subsequently called dtable::release method was designed to be called for
*used* cygheap_fdmanip objects only. Using them on unused objects leads
to NULL pointer member dereferencing.
Worse, the inet/local accept4 methods only release the cygheap_fdmanip
object but neglect to delete the just created fhandler_socket_* object.
Fix this by removing the erroneous release calls in the aforementioned
failure paths and delete the fhandler_socket_* object in accept4 instead.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
The fhandler_base_overlapped::copyto clears atomic_write_buf on the
clone, but none of the derived classes were doing this. This allowed
the destructor to double-free the buffer and corrupt cygheap.
Clear atomic_write_buf in copyto of all derived classes.
Corinna Vinschen
David McFarland