Fix the "Use-after-free" of clang SA.

- Set the pointer to NULL after free it, otherwise the pointer will be accessed again. (since not null)

Signed-off-by: Hung-Weic Chiu <sppsorrg@gmail.com>

diff --git a/lib/imsg-buffer.c b/lib/imsg-buffer.c
index a486fc17c18d35329eb245ca2d4a051ba3e3fb03..f7b9f63778f4564a7346671b7f80d017e57271ab 100644 (file)
--- a/lib/imsg-buffer.c
+++ b/lib/imsg-buffer.c
@@ -209,8 +209,10 @@ msgbuf_clear(struct msgbuf *msgbuf)
 {
        struct ibuf     *buf;
 
-       while ((buf = TAILQ_FIRST(&msgbuf->bufs)) != NULL)
+       while ((buf = TAILQ_FIRST(&msgbuf->bufs)) != NULL) {
                ibuf_dequeue(msgbuf, buf);
+               TAILQ_FIRST(&msgbuf->bufs) = NULL;
+       }
 }
 
 int

diff --git a/lib/imsg.c b/lib/imsg.c
index 246430cdd5a56c026c2d0494be9a53b78a3c9246..df3cdf510c52c3233d69579efa35cab8b7fae73b 100644 (file)
--- a/lib/imsg.c
+++ b/lib/imsg.c
@@ -310,6 +310,7 @@ imsg_get_fd(struct imsgbuf *ibuf)
        fd = ifd->fd;
        TAILQ_REMOVE(&ibuf->fds, ifd, entry);
        free(ifd);
+       TAILQ_FIRST(&ibuf->fds) = NULL;
 
        return (fd);
 }