[sr-dev] git:master: dialog(k): reset the pointer value after free

Module: sip-router Branch: master Commit: 4e196f47767dc8da8da560f57afc92add541b672 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=4e196f4… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Fri Oct 29 11:52:59 2010 +0200 dialog(k): reset the pointer value after free - otherwise may result in double free, reported by Alex Balashov --- modules_k/dialog/dlg_hash.c | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/modules_k/dialog/dlg_hash.c b/modules_k/dialog/dlg_hash.c index 3ec22a4..0c14f05 100644 --- a/modules_k/dialog/dlg_hash.c +++ b/modules_k/dialog/dlg_hash.c @@ -297,8 +297,16 @@ int dlg_set_leg_info(struct dlg_cell *dlg, str* tag, str *rr, str *contact, dlg->cseq[leg].s = (char*)shm_malloc( cseq->len ); if ( dlg->tag[leg].s==NULL || dlg->cseq[leg].s==NULL) { LM_ERR("no more shm mem\n"); - if (dlg->tag[leg].s) shm_free(dlg->tag[leg].s); - if (dlg->cseq[leg].s) shm_free(dlg->cseq[leg].s); + if (dlg->tag[leg].s) + { + shm_free(dlg->tag[leg].s); + dlg->tag[leg].s = NULL; + } + if (dlg->cseq[leg].s) + { + shm_free(dlg->cseq[leg].s); + dlg->cseq[leg].s = NULL; + } return -1; } p = dlg->tag[leg].s;