From 5d6cc38ca36538583ff4c464c46a7c6de08608b6 Mon Sep 17 00:00:00 2001
From: Hung-Weic Chiu
Date: Sat, 29 Apr 2017 15:02:31 +0000
Subject: [PATCH] Fix the "Use-after-free" of clang SA.
- Set the pointer to NULL after free it, otherwise the pointer will be accessed again. (since not null)
Signed-off-by: Hung-Weic Chiu
---
 lib/imsg-buffer.c | 4 +++-
 lib/imsg.c | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/imsg-buffer.c b/lib/imsg-buffer.c
index a486fc17c1..f7b9f63778 100644
--- a/lib/imsg-buffer.c
+++ b/lib/imsg-buffer.c
@@ -209,8 +209,10 @@ msgbuf_clear(struct msgbuf *msgbuf)
 {
 struct ibuf *buf;
- while ((buf = TAILQ_FIRST(&msgbuf->bufs)) != NULL)
+ while ((buf = TAILQ_FIRST(&msgbuf->bufs)) != NULL) {
 ibuf_dequeue(msgbuf, buf);
+ TAILQ_FIRST(&msgbuf->bufs) = NULL;
+ }
 }
 int
diff --git a/lib/imsg.c b/lib/imsg.c
index 246430cdd5..df3cdf510c 100644
--- a/lib/imsg.c
+++ b/lib/imsg.c
@@ -310,6 +310,7 @@ imsg_get_fd(struct imsgbuf *ibuf)
 fd = ifd->fd;
 TAILQ_REMOVE(&ibuf->fds, ifd, entry);
 free(ifd);
+ TAILQ_FIRST(&ibuf->fds) = NULL;
 return (fd);
 }
-- 
2.39.5
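Review bot: The added `TAILQ_FIRST(&msgbuf->bufs) = NULL;` in msgbuf_clear orphans every buffer still queued after the first one: the original loop could only terminate because ibuf_dequeue unlinks `buf` (its body is outside the hunk), so after the new assignment the `while` condition sees an empty head and exits with the remaining ibufs unreachable and the head's `tqh_last` still pointing into one of them, which a later TAILQ_INSERT_TAIL on that queue would write through. The imsg.c hunk has the same defect: `TAILQ_FIRST(&ibuf->fds) = NULL;` after `TAILQ_REMOVE(&ibuf->fds, ifd, entry)` drops any further queued descriptors (a file-descriptor leak) and leaves the head/tail pair inconsistent, while TAILQ_REMOVE already leaves `tqh_first` NULL when `ifd` was the only element. Writing to the list head is not what the analyzer is asking for; a read of freed memory, if one exists, has to be fixed where the freed element is touched, which is outside both hunks. I would drop the added lines and braces in both hunks, restoring `while ((buf = TAILQ_FIRST(&msgbuf->bufs)) != NULL) ibuf_dequeue(msgbuf, buf);` and `free(ifd); return (fd);`, and re-run the analyzer against the code that dereferences the dequeued element. Both functions begin before their hunks, so the earlier `TAILQ_FIRST` read that feeds `ifd` is not visible here.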