summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2022-04-30 15:04:53 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2022-04-30 15:04:53 -0700
commitd70c666549a9ee17de7349904529cf41bf023926 (patch)
tree15866f26bd7718995703977231512908602592dc
parent8d2cb9e7a897a070b2509f9de60961c9d154ee99 (diff)
ConnectToPeer: be doubly sure that use-after-free doesn't happen
This resolves an issue reported by the Oracle Parfait static analyzer: Error: Use after free Use after free [use-after-free] (CWE 416): Use after free of pointer trans_conn at line 566 of lib/libICE/src/connect.c in function 'ConnectToPeer'. trans_conn previously freed with _IceTransClose at line 532 trans_conn was allocated at line 525 with _IceTransOpenCOTSClient even though I believe this is already handled by the 'if (madeConnection) { ... } else trans_conn = NULL;' block, but the analyzer apparently doesn't follow that logic, while this simple change makes it obvious. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--src/connect.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/connect.c b/src/connect.c
index b39ca3c..b52b566 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -530,6 +530,7 @@ ConnectToPeer (char *networkIdsList, char **actualConnectionRet)
if ((connect_stat = _IceTransConnect (trans_conn, address)) < 0)
{
_IceTransClose (trans_conn);
+ trans_conn = NULL;
if (connect_stat == TRANS_TRY_CONNECT_AGAIN)
{