|
|
fdae68 |
From b7964157c40066f09411ac52547acb07d1966aee Mon Sep 17 00:00:00 2001
|
|
|
fdae68 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
fdae68 |
Date: Tue, 12 Jan 2021 15:49:43 +0100
|
|
|
fdae68 |
Subject: [PATCH] json: don't leave dangling pointers on hlist
|
|
|
fdae68 |
|
|
|
fdae68 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1900565
|
|
|
fdae68 |
Upstream Status: nftables commit 48917d876d51c
|
|
|
fdae68 |
|
|
|
fdae68 |
commit 48917d876d51cd6ba5bff07172acef05c9e12474
|
|
|
fdae68 |
Author: Florian Westphal <fw@strlen.de>
|
|
|
fdae68 |
Date: Mon Dec 14 16:53:29 2020 +0100
|
|
|
fdae68 |
|
|
|
fdae68 |
json: don't leave dangling pointers on hlist
|
|
|
fdae68 |
|
|
|
fdae68 |
unshare -n tests/json_echo/run-test.py
|
|
|
fdae68 |
[..]
|
|
|
fdae68 |
Adding chain c
|
|
|
fdae68 |
free(): double free detected in tcache 2
|
|
|
fdae68 |
Aborted (core dumped)
|
|
|
fdae68 |
|
|
|
fdae68 |
The element must be deleted from the hlist prior to freeing it.
|
|
|
fdae68 |
|
|
|
fdae68 |
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
|
|
|
fdae68 |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
fdae68 |
---
|
|
|
fdae68 |
src/parser_json.c | 4 +++-
|
|
|
fdae68 |
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
fdae68 |
|
|
|
fdae68 |
diff --git a/src/parser_json.c b/src/parser_json.c
|
|
|
fdae68 |
index 785f0e7..986f128 100644
|
|
|
fdae68 |
--- a/src/parser_json.c
|
|
|
fdae68 |
+++ b/src/parser_json.c
|
|
|
fdae68 |
@@ -3670,8 +3670,10 @@ static void json_cmd_assoc_free(void)
|
|
|
fdae68 |
|
|
|
fdae68 |
for (i = 0; i < CMD_ASSOC_HSIZE; i++) {
|
|
|
fdae68 |
hlist_for_each_entry_safe(cur, pos, n,
|
|
|
fdae68 |
- &json_cmd_assoc_hash[i], hnode)
|
|
|
fdae68 |
+ &json_cmd_assoc_hash[i], hnode) {
|
|
|
fdae68 |
+ hlist_del(&cur->hnode);
|
|
|
fdae68 |
free(cur);
|
|
|
fdae68 |
+ }
|
|
|
fdae68 |
}
|
|
|
fdae68 |
}
|
|
|
fdae68 |
|
|
|
fdae68 |
--
|
|
|
252916 |
2.31.1
|
|
|
fdae68 |
|