Hi Magnus,

On Sun, Jan 25, 2026 at 11:53:08AM -0700, Nopey Nope wrote:
> Thanks for the guidance, Rodrigo!
>
> Had a better idea on how to fix the socketdata use-after-free; new attached patch 0002 fixes the bug by only freeing the queued sockdata if it's exclusively owned by the server queue.
>
> I've added information in the commit summaries as suggested.
>
> I also added an assert in Http_socket_enqueue, which makes explicit the precondition that socketdata can only be queued to one server at a time. This assert has not tripped, and hopefully never will; I thought it helped illustrate the relation between servers and socketdatas.

Thanks a lot! They both look good. I'll leave the assert in Http_socket_enqueue but remove the message string, as it causes a warning in gcc and I don't think it is needed for this case.

https://git.dillo-browser.org/dillo/log/?h=fix-uaf

I will test it a bit with ASan enabled and merge it if nothing breaks.

Best,
Rodrigo.