cbch: Fix bts_smscb_state_reset() to avoid double-free
If the currently transmitted message is the default message, bts_ss->cur_msg == bts_ss->derfault_msg. In this case we cannot simply talloc_free() both of them, as it would result in a boudle-free. Change-Id: I2d3645e34d31507b012a53ffe12d14223682f808 Closes: OS#5325 Fixes: Ib01d38c59ba9fa083fcc0682009c13d2db3664fe
This commit is contained in:
parent
40e97f3d02
commit
79f21c4ed1
|
@ -332,7 +332,10 @@ static void bts_smscb_state_reset(struct bts_smscb_state *bts_ss)
|
|||
}
|
||||
bts_ss->queue_len = 0;
|
||||
rate_ctr_group_reset(bts_ss->ctrs);
|
||||
TALLOC_FREE(bts_ss->cur_msg);
|
||||
/* avoid double-free of default_msg in case cur_msg == default_msg */
|
||||
if (bts_ss->cur_msg && bts_ss->cur_msg != bts_ss->default_msg)
|
||||
talloc_free(bts_ss->cur_msg);
|
||||
bts_ss->cur_msg = NULL;
|
||||
TALLOC_FREE(bts_ss->default_msg);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue