diff options
| author | Gopal Tiwari <gtiwari@redhat.com> | 2022-05-31 13:11:17 +0530 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-05-31 13:08:58 -0700 |
| commit | 5cdaeaefc350ea3c42719284b88406579d032fb6 (patch) | |
| tree | 18b543eee0fa4eb686be2849a5f152a456caa5df /tools | |
| parent | 56bda20ce9e3e5c4684b37cffd4527264c2b4c1e (diff) | |
mesh-gatt: Fix use_after_free
Following scenario happens when prov is false and we have double free as
mentioned in the below
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
"in_str".
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/mesh-gatt/prov-db.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/mesh-gatt/prov-db.c b/tools/mesh-gatt/prov-db.c index 2fb08f799c..a5b6997e0c 100644 --- a/tools/mesh-gatt/prov-db.c +++ b/tools/mesh-gatt/prov-db.c @@ -859,7 +859,8 @@ bool prov_db_local_set_iv_index(uint32_t iv_index, bool update, bool prov) set_local_iv_index(jmain, iv_index, update); prov_file_write(jmain, false); - } + } else + return true; res = true; done: |