From 2c145d7a73206afc576fea86514e892e11481dab Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Thu, 14 Aug 2014 15:29:12 +0800 Subject: l2cap: fix access to freed memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after it was previously freed in 'l2cap_channel_open'. Assigned it to NULL after it is freed. Reviewed-by: Alex Bennée Reviewed-by: Michael S. Tsirkin Signed-off-by: zhanghailiang Signed-off-by: Michael Tokarev --- hw/bt/l2cap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c index 2301d6f87f..591e047781 100644 --- a/hw/bt/l2cap.c +++ b/hw/bt/l2cap.c @@ -429,7 +429,7 @@ static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap, status = L2CAP_CS_NO_INFO; } else { g_free(ch); - + ch = NULL; result = L2CAP_CR_NO_MEM; status = L2CAP_CS_NO_INFO; } -- cgit v1.2.3