1
FILE* file = fopen(some file)

pcap_t* pd = pcap_fopen_offline(file)

pcap_close(pd)

fclose(file)

This code occurs double free error.

Could you explain about this happening?

My Guess is that pd and file pointers are sharing some datas.

Progman
  • 16,827
  • 6
  • 33
  • 48
KS_No
  • 13
  • 3
  • 1
    They share the file descriptor. I checked file descriptor of *file via fileno, before and after pcap_close call. Then, the file descriptor had changed 3 to -1. Still *file is available but system doesn't have the file descriptor. Still, I don't know why this situation make a double free, but using pcap_close and fclose together can occur some problem. – KS_No Jun 09 '23 at 04:17

1 Answers1

1

As the documentation says, the pcap_close function closes the files associated with the pcap_t structure passed to it. Closing the file again with fclose is an error.

David Schwartz
  • 179,497
  • 17
  • 214
  • 278