Commit ab66a56a authored by Matthieu Boutier's avatar Matthieu Boutier Committed by Juliusz Chroboczek

Fix route->channels double-free corruption.

The code assumes that route->channels is NULL when route->channels_len
is 0, such that free(route->channels) will work.

Think about this scenario:
  update(r, some channels)  # route->channels = malloc(…)
  update(r, no channel)  # free(route->channels)
  update(r, no channel)  # free(route->channels)

Thanks to Dave Taht for pointing the issue.
parent e687a58f
...@@ -918,6 +918,7 @@ update_route(const unsigned char *id, ...@@ -918,6 +918,7 @@ update_route(const unsigned char *id,
if(channels_len == 0) { if(channels_len == 0) {
free(route->channels); free(route->channels);
route->channels = NULL;
route->channels_len = 0; route->channels_len = 0;
} else { } else {
if(channels_len != route->channels_len) { if(channels_len != route->channels_len) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment