]> xenbits.xensource.com Git - qemu-xen-4.3-testing.git/commitdiff
projects / qemu-xen-4.3-testing.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c30481)
keymaps.c: fix use after free in del_key_range
authorJan Beulich <jbeulich@novell.com>
Mon, 17 Jan 2011 18:00:37 +0000 (18:00 +0000)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Mon, 17 Jan 2011 18:00:37 +0000 (18:00 +0000)
Commit 99d53fbb69d3e03be61ae10506a304a3d08d792f introduced this, and
the compiler indirectly warned about it.

The patch is only compile tested (I don't even know how to reproduce
the original problem), but I suppose worth applying regardless.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: Chun Yan Liu <cyliu@novell.com>
keymaps.c patch | blob | history

diff --git a/keymaps.c b/keymaps.c
index 12b83a532dbe01086c1a6e2a4019f25ccb28f5e0..d92057fb9245c2fc795d787dc5947e7d9712204c 100644 (file)
--- a/keymaps.c
+++ b/keymaps.c
@@ -56,15 +56,12 @@ typedef struct {
 
 static void del_key_range(struct key_range **krp, int code) {
     struct key_range *kr;
-    struct key_range *kr_pr;
-    for (kr = *krp; kr; kr_pr = kr, kr = kr->next) {
+    while ((kr = *krp) != NULL) {
         if (code >= kr->start && code <= kr->end) {
-            if (kr == *krp)
-                *krp = kr->next;
-            else
-                kr_pr->next = kr->next;
+            *krp = kr->next;
             qemu_free(kr);
-        }
+        } else
+            krp = &kr->next;
     }
 }
 
Unnamed repository; edit this file to name it for gitweb.