Blame SOURCES/0040-json-don-t-leave-dangling-pointers-on-hlist.patch

From b7964157c40066f09411ac52547acb07d1966aee Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 12 Jan 2021 15:49:43 +0100
Subject: [PATCH] json: don't leave dangling pointers on hlist
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1900565
Upstream Status: nftables commit 48917d876d51c
commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw@strlen.de>
Date:   Mon Dec 14 16:53:29 2020 +0100
    json: don't leave dangling pointers on hlist
    unshare -n tests/json_echo/run-test.py
    [..]
    Adding chain c
    free(): double free detected in tcache 2
    Aborted (core dumped)
    The element must be deleted from the hlist prior to freeing it.
    Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
    Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/parser_json.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index 785f0e7..986f128 100644
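--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3670,8 +3670,10 @@ static void json_cmd_assoc_free(void)
 
 	for (i = 0; i < CMD_ASSOC_HSIZE; i++) {
 		hlist_for_each_entry_safe(cur, pos, n,
-					  &json_cmd_assoc_hash[i], hnode)
+					  &json_cmd_assoc_hash[i], hnode) {
+			hlist_del(&cur->hnode);
 			free(cur);
+		}
 	}
 }
 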
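Review bot: The added `hlist_del(&cur->hnode);` carries no comment saying why an entry has to be unlinked while the whole table is being torn down, so a later cleanup could drop it as redundant and bring back the double free quoted in the commit message. json_cmd_assoc_hash is not declared in the visible part of this function, so it presumably outlives the call, and a bucket head left pointing at freed entries would be walked again by the next call. I would put `/* unlink before free: bucket heads persist across calls, a stale head is walked (and freed) again */` above the call. The function's declarations sit above the hunk, so whether any other path frees entries of this table without unlinking them cannot be checked from here.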
-- 
2.31.1