[Users] [Bug 3598] use after free in function summary_execute_move_func()

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Sat Jan 23 14:43:54 CET 2016


--- Comment #4 from Michael Rasmussen <mir at datanom.net> ---
(In reply to comment #3)
> Yes, that was my proposed solution. I think a "msginfo = NULL;" line at the
> end of procmsg_msginfo_free() should be enough to fix this particular
> use-after-free instance, as that function is the only way we use to free the
> heap-allocated MsgInfo structs.
> Setting all the pointer members of MsgInfo to NULL in procmsg_msginfo_free()
> is a nice safety bonus, and shouldn't incur much performance penalty.
You would still need to assign NULL to your own pointer since adding msginfo =
NULL in procmsg_msginfo_free will only operate on what your a pointing to and
not your own pointer.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list