audiod: Avoid segfault on exit.

When para_audiod terminates, it calls clean_exit() which closes
all slots unconditionally, regardless of whether they are in use.
This may lead to a segfault due to an invalid read:

	==25253== Invalid read of size 4
	==25253==    at 0x40EBEA: close_slot (audiod.c:443)
	==25253==    by 0x40FCE8: clean_exit (audiod.c:1163)
	==25253==    by 0x40FD7D: signal_post_select (audiod.c:1014)
	==25253==    by 0x41490A: schedule (sched.c:65)
	==25253==    by 0x406BC3: main (audiod.c:1436)
	==25253==  Address 0x5c19d8 is not stack'd, malloc'd or (recently) free'd

This bug was introduced 9 month ago in commit eec23a69 (audiod:
Fix memory leak on exit: close slots). Fix it by calling
close_unused_slots(). This also simplifies clean_exit() a bit.

diff --git a/audiod.c b/audiod.c
index d815c4aa6c98e699dc48304cd96db1d14c28035b..a8f401834b8a438d7b21d96920bc7b735f0a6c6b 100644 (file)
--- a/audiod.c
+++ b/audiod.c
@@ -1153,13 +1153,10 @@ static void close_unused_slots(void)
  */
 void __noreturn clean_exit(int status, const char *msg)
 {
-       int i;
-
        if (socket_name)
                unlink(socket_name);
        close_stat_pipe();
-       FOR_EACH_SLOT(i)
-               close_slot(i);
+       close_unused_slots();
        audiod_cmdline_parser_free(&conf);
        close_stat_clients();
        PARA_EMERG_LOG("%s\n", msg);