diff options
| author | zhanghailiang <zhang.zhanghailiang@huawei.com> | 2014-08-14 15:29:12 +0800 |
|---|---|---|
| committer | Michael Tokarev <mjt@tls.msk.ru> | 2014-08-15 19:12:48 +0400 |
| commit | 2c145d7a73206afc576fea86514e892e11481dab (patch) | |
| tree | b82cd36c6b9a4af4493406e94a7385f9119af878 | |
| parent | 8945c7f75419a8191f3e99b341f1a485b48af766 (diff) | |
| download | qemu-2c145d7a73206afc576fea86514e892e11481dab.tar.gz | |
l2cap: fix access to freed memory
Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after
it was previously freed in 'l2cap_channel_open'.
Assigned it to NULL after it is freed.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| -rw-r--r-- | hw/bt/l2cap.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c index 2301d6f87f..591e047781 100644 --- a/hw/bt/l2cap.c +++ b/hw/bt/l2cap.c @@ -429,7 +429,7 @@ static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap, status = L2CAP_CS_NO_INFO; } else { g_free(ch); - + ch = NULL; result = L2CAP_CR_NO_MEM; status = L2CAP_CS_NO_INFO; } |