From 5763373b60ac970d4a9154de8cb3994b52e76efb Mon Sep 17 00:00:00 2001
From: Tim-Philipp Müller
Date: Wed, 4 Jun 2014 23:25:52 +0100
Subject: orccodemem: fix list corruption when splitting memory chunks in two

When splitting orc memory chunks in two, the 'prev' pointer of the new memory chunk to be inserted was wrong, causing invalid memory access and double frees later down the line.

https://bugzilla.gnome.org/show_bug.cgi?id=731227
---
 orc/orccodemem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/orc/orccodemem.c b/orc/orccodemem.c
index 2c93f77..7bb78d2 100644
--- a/orc/orccodemem.c
+++ b/orc/orccodemem.c
@@ -88,7 +88,7 @@ orc_code_chunk_split (OrcCodeChunk *chunk, int size)
 newchunk->offset = chunk->offset + size;
 newchunk->size = chunk->size - size;
 newchunk->next = chunk->next;
- newchunk->prev = chunk->prev;
+ newchunk->prev = chunk;
 chunk->size = size;
 if (chunk->next) {
-- 
cgit v1.2.3
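Review bot: Nothing in the visible lines of `orc_code_chunk_split` checks the signed `size` argument against `chunk->size` before `newchunk->offset = chunk->offset + size;` and `newchunk->size = chunk->size - size;`. A zero, negative or oversized value would leave two chunks whose ranges overlap or have negative length in the same region, which is the same class of allocator-state corruption this commit fixes for the `prev` link. The function begins and ends outside the hunk, so the guarantee may already come from the caller or from code above. If so, it is worth stating at the top of the function with `/* caller must ensure 0 < size < chunk->size */` and backing it with the project's assertion macro. A short comment on the link assignments, `/* insert newchunk directly after chunk: chunk <-> newchunk <-> old chunk->next */`, would also make the list invariant explicit for the next change.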