From fdb22f24bc8adb3455b771d804496e11b4570085 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Mon, 17 Jan 2011 18:00:37 +0000
Subject: [PATCH] keymaps.c: fix use after free in del_key_range

Commit 99d53fbb69d3e03be61ae10506a304a3d08d792f introduced this, and the compiler indirectly warned about it. The patch is only compile tested (I don't even know how to reproduce the original problem), but I suppose worth applying regardless.

Signed-off-by: Jan Beulich
Cc: Chun Yan Liu
---
 keymaps.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/keymaps.c b/keymaps.c
index 12b83a532..d92057fb9 100644
--- a/keymaps.c
+++ b/keymaps.c
@@ -56,15 +56,12 @@ typedef struct {
 static void del_key_range(struct key_range **krp, int code) {
 struct key_range *kr;
- struct key_range *kr_pr;
- for (kr = *krp; kr; kr_pr = kr, kr = kr->next) {
+ while ((kr = *krp) != NULL) {
 if (code >= kr->start && code <= kr->end) {
- if (kr == *krp)
- *krp = kr->next;
- else
- kr_pr->next = kr->next;
+ *krp = kr->next;
 qemu_free(kr);
- }
+ } else
+ krp = &kr->next;
 }
 }
-- 
2.39.5
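Review bot: The new `else` in del_key_range is left unbraced while its `if` arm is braced, and this loop is only correct if each iteration does exactly one of unlink-and-free or advance `krp`, so I would write it as `} else {` / `krp = &kr->next;` / `}` to keep a later added statement from running on the path where `kr` has just been freed. A one-line comment above the loop would also help, e.g. `/* krp always addresses the link that points at kr, so a freed node is never read again */`, since that invariant is what removes the use after free. The description says the change was only compile tested; running the keymap-parsing path that reaches del_key_range under a memory checker would confirm that every matching range is unlinked and none is touched after qemu_free().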