If the talloc_realloc() fails, asn1_write calls talloc_free on the context and then immediately dereferences the pointer.
Fix this by skipping the talloc_free here. Let the caller handle it. Signed-off-by: Jeff Layton <[email protected]> --- asn1.c | 1 - 1 file changed, 1 deletion(-) diff --git a/asn1.c b/asn1.c index ea50a23..4c0e480 100644 --- a/asn1.c +++ b/asn1.c @@ -47,7 +47,6 @@ bool asn1_write(struct asn1_data *data, const void *p, int len) uint8_t *newp; newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len); if (!newp) { - asn1_free(data); data->has_error = true; return false; } -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
