From: John Ernberg <[email protected]>
When issuing a Scan() in poor reception while attached to an operator it's
fully possible to get no results, which causes the attached operator to be
cleaned up. In certain scenarios this would cause a use-after-free.
Make sure to clean up all the references to the operator when it's destroyed.
---
src/network.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/network.c b/src/network.c
index 1dddcac..5329c28 100644
--- a/src/network.c
+++ b/src/network.c
@@ -257,6 +257,9 @@ static void network_operator_destroy(gpointer user_data)
{
struct network_operator_data *op = user_data;
+ if (op->netreg->current_operator == op)
+ op->netreg->current_operator = NULL;
+
g_free(op);
}
--
1.9.1
_______________________________________________
ofono mailing list
[email protected]
https://lists.ofono.org/mailman/listinfo/ofono
