From: Jan Beulich <jbeulich@novell.com>
Date: Mon, 17 Jan 2011 18:00:37 +0000 (+0000)
Subject: keymaps.c: fix use after free in del_key_range
X-Git-Tag: xen-4.1.0-rc2~3
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=fdb22f24bc8adb3455b771d804496e11b4570085;p=qemu-xen-4.2-testing.git

keymaps.c: fix use after free in del_key_range

Commit 99d53fbb69d3e03be61ae10506a304a3d08d792f introduced this, and
the compiler indirectly warned about it.

The patch is only compile tested (I don't even know how to reproduce
the original problem), but I suppose worth applying regardless.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: Chun Yan Liu <cyliu@novell.com>
---

diff --git a/keymaps.c b/keymaps.c
index 12b83a532..d92057fb9 100644
--- a/keymaps.c
+++ b/keymaps.c
@@ -56,15 +56,12 @@ typedef struct {
 
 static void del_key_range(struct key_range **krp, int code) {
     struct key_range *kr;
-    struct key_range *kr_pr;
-    for (kr = *krp; kr; kr_pr = kr, kr = kr->next) {
+    while ((kr = *krp) != NULL) {
         if (code >= kr->start && code <= kr->end) {
-            if (kr == *krp)
-                *krp = kr->next;
-            else
-                kr_pr->next = kr->next;
+            *krp = kr->next;
             qemu_free(kr);
-        }
+        } else
+            krp = &kr->next;
     }
 }