| Message ID | 20200601005600.254025-1-alainm@chromium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [BlueZ] a2dp:fixing double free in load_remote_sep | expand |
Hi Alain, On Sun, May 31, 2020 at 6:03 PM Alain Michaud <alainm@chromium.org> wrote: > > This patch fixes a double free condition in load_remote_sep. Value is > freed, then the inner loop is broken, but the rest of the outer loop > will attempt to free value again. > > --- > > profiles/audio/a2dp.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c > index a2ce3204d..6f46c92bf 100644 > --- a/profiles/audio/a2dp.c > +++ b/profiles/audio/a2dp.c > @@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file, > > if (sscanf(caps + i, "%02hhx", tmp) != 1) { > warn("Unable to load Endpoint: seid %u", rseid); > - g_free(value); > break; > } > } > -- > 2.27.0.rc2.251.g90737beb825-goog Applied, thanks.
diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index a2ce3204d..6f46c92bf 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file, if (sscanf(caps + i, "%02hhx", tmp) != 1) { warn("Unable to load Endpoint: seid %u", rseid); - g_free(value); break; } }