Message ID | 1396284100.1214631467358955163.JavaMail.weblogic@epmlwas01b |
---|---|
State | Changes Requested |

On Fri, Jul 01, 2016 at 07:42:35AM +0000, MAYANK HAARIT wrote:

> As p2p->after_scan_tx is already freeing in p2p_flush() , Although p2p->after_scan_tx is assigning to NULL in p2p_flush() . So double free in p2p_deinit() is dead code.

"Double free" is normally used to refer to a critical security vulnerability. What you describe here is no such thing. p2p_flush() clearly resets the pointer to NULL and there is no double freeing of anything here. As such, this commit log is really misleading and should be reworded as doing cleanup by removing unnecessary os_free() call.

> Signed-off-by: Mayank Haarit

The Signed-off-by: line needs to include an email address as described in the top level CONTRIBUTIONS file.

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c index a209a56..f2b891b 100644 --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -2980,7 +2980,6 @@ void p2p_deinit(struct p2p_data *p2p) os_free(p2p->groups); p2ps_prov_free(p2p); wpabuf_free(p2p->sd_resp); - os_free(p2p->after_scan_tx); p2p_remove_wps_vendor_extensions(p2p); os_free(p2p->no_go_freq.range); p2p_service_flush_asp(p2p);
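
Review bot: the removed `os_free(p2p->after_scan_tx);` line in p2p_deinit() is only redundant if p2p_flush() has already run earlier in p2p_deinit() and left the pointer NULL, and neither the hunk's context lines nor the commit message shows that call. Please name the call site in the commit message so the removal can be checked against it, and describe the change as cleanup of an unnecessary os_free() call rather than a "double free", as the reply requests: with the pointer reset to NULL, nothing is freed twice. The Signed-off-by: line also still lacks an email address.
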
As p2p->after_scan_tx is already freeing in p2p_flush() , Although p2p->after_scan_tx is assigning to NULL in p2p_flush() . So double free in p2p_deinit() is dead code.

Signed-off-by: Mayank Haarit

---

src/p2p/p2p.c | 1 -

1 files changed, 0 insertions(+), 1 deletions(-)

1.7.0.4