Message ID | 20230419192642.156001-1-krishna.t@nordicsemi.no |
---|---|
State | Superseded |
Series | Fix use after free warning introduced by gcc 12.1 | expand |
On Thu, Apr 20, 2023 at 12:56 AM Krishna <chaitanya.mgit@gmail.com> wrote:
>
> From: krishna T <krishna.t@nordicsemi.no>
>
> gcc 12.1 complains about using pointer after realloc as it could
> potentially be moved/freed, causing any uses after UB.
>
> Fix this by storing the pointer before realloc.
>
> Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
> ---
> wpa_supplicant/bss.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
> index 320441426..2484d4e14 100644
> --- a/wpa_supplicant/bss.c
> +++ b/wpa_supplicant/bss.c
> @@ -724,6 +724,7 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
> bss->beacon_ie_len = res->beacon_ie_len;
> } else {
> struct wpa_bss *nbss;
> + struct wpa_bss *old_bss = bss;
> struct dl_list *prev = bss->list_id.prev;
> dl_list_del(&bss->list_id);
> nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
> @@ -731,14 +732,14 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
> if (nbss) {
> unsigned int i;
> for (i = 0; i < wpa_s->last_scan_res_used; i++) {
> - if (wpa_s->last_scan_res[i] == bss) {
> + if (wpa_s->last_scan_res[i] == old_bss) {
> wpa_s->last_scan_res[i] = nbss;
> break;
> }
> }
> - if (wpa_s->current_bss == bss)
> + if (wpa_s->current_bss == old_bss)
> wpa_s->current_bss = nbss;
> - wpa_bss_update_pending_connect(wpa_s, bss, nbss);
> + wpa_bss_update_pending_connect(wpa_s, old_bss, nbss);
> bss = nbss;
> os_memcpy(bss->ies, res + 1,
> res->ie_len + res->beacon_ie_len);
> --
> 2.34.1
The warning is still there, working on it, will send a v2.
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 320441426..2484d4e14 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -724,6 +724,7 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 bss->beacon_ie_len = res->beacon_ie_len;
 } else {
 struct wpa_bss *nbss;
+ struct wpa_bss *old_bss = bss;
 struct dl_list *prev = bss->list_id.prev;
 dl_list_del(&bss->list_id);
 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
@@ -731,14 +732,14 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
 if (nbss) {
 unsigned int i;
 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
- if (wpa_s->last_scan_res[i] == bss) {
+ if (wpa_s->last_scan_res[i] == old_bss) {
 wpa_s->last_scan_res[i] = nbss;
 break;
 }
 }
- if (wpa_s->current_bss == bss)
+ if (wpa_s->current_bss == old_bss)
 wpa_s->current_bss = nbss;
- wpa_bss_update_pending_connect(wpa_s, bss, nbss);
+ wpa_bss_update_pending_connect(wpa_s, old_bss, nbss);
 bss = nbss;
 os_memcpy(bss->ies, res + 1,
 res->ie_len + res->beacon_ie_len);
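Review bot: Copying `bss` into `old_bss` ahead of the `os_realloc()` call in the first hunk does not change what the second hunk compares: `old_bss` carries exactly the pointer value that a successful `os_realloc()` has just freed, so each `== old_bss` test and the `wpa_bss_update_pending_connect(wpa_s, old_bss, nbss)` call remain uses of a freed pointer as far as gcc's -Wuse-after-free tracking is concerned (the thread reply confirms the warning persists) and, strictly, reads of an indeterminate value under C11 6.2.4. Nothing here dereferences the stale pointer, so this is not a memory-safety bug, but the address comparisons should be made on an integer snapshot taken before the reallocation: `uintptr_t old_addr = (uintptr_t) bss;` before `os_realloc()`, then `if ((uintptr_t) wpa_s->last_scan_res[i] == old_addr)` and `if ((uintptr_t) wpa_s->current_bss == old_addr)`. The `wpa_bss_update_pending_connect()` call still passes the old pointer to a helper defined outside this hunk, so that helper presumably needs the same integer-comparison treatment for the fix to be complete. The enclosing `wpa_bss_update()` begins and ends outside the hunk.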