2020-06-01 00:57:31

by Alain Michaud

Subject: [BlueZ PATCH] a2dp:fixing double free in load_remote_sep

This patch fixes a double free condition in load_remote_sep. Value is
freed, then the inner loop is broken, but the rest of the outer loop
will attempt to free value again.

---

profiles/audio/a2dp.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
index a2ce3204d..6f46c92bf 100644
--- a/profiles/audio/a2dp.c
+++ b/profiles/audio/a2dp.c
@@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,

if (sscanf(caps + i, "%02hhx", tmp) != 1) {
warn("Unable to load Endpoint: seid %u", rseid);
- g_free(value);
break;
}
}
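
Review bot: with the g_free(value) dropped from the sscanf failure branch, releasing value now depends entirely on the later free in the outer loop that the commit message refers to, and that free is outside the context shown in this hunk. Please confirm that no continue or early return sits between this break and that later free, so value is released exactly once on both the success path and the failure path. Keeping a single release point for value, with no frees in error branches, would stop this class of bug from coming back.
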
--
2.27.0.rc2.251.g90737beb825-goog


2020-06-01 16:30:51

by Luiz Augusto von Dentz

Subject: Re: [BlueZ PATCH] a2dp:fixing double free in load_remote_sep

Hi Alain,

On Sun, May 31, 2020 at 6:03 PM Alain Michaud <[email protected]> wrote:
>
> This patch fixes a double free condition in load_remote_sep. Value is
> freed, then the inner loop is broken, but the rest of the outer loop
> will attempt to free value again.
>
> ---
>
> profiles/audio/a2dp.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c
> index a2ce3204d..6f46c92bf 100644
> --- a/profiles/audio/a2dp.c
> +++ b/profiles/audio/a2dp.c
> @@ -1967,7 +1967,6 @@ static void load_remote_sep(struct a2dp_channel *chan, GKeyFile *key_file,
>
> if (sscanf(caps + i, "%02hhx", tmp) != 1) {
> warn("Unable to load Endpoint: seid %u", rseid);
> - g_free(value);
> break;
> }
> }
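
Review bot: the break in the sscanf failure branch only leaves the inner loop, so after the warn() the outer loop carries on as it would after a complete parse. Nothing in the visible lines records that caps was only partly decoded; consider setting a failure flag before the break, or checking afterwards that i reached the end of caps, so the endpoint for rseid is not set up from a truncated buffer.
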
> --
> 2.27.0.rc2.251.g90737beb825-goog

Applied, thanks.

--
Luiz Augusto von Dentz