The function monitor_fdset_dup_fd_find_remove() references a member of 'mon_fdset'
which may have been freed by monitor_fdset_cleanup()

Reviewed-by: Gonglei <arei.gong...@huawei.com>
Signed-off-by: zhanghailiang <zhang.zhanghaili...@huawei.com>
---
 monitor.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index cdbaa60..42ba1b6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2533,8 +2533,10 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd, 
bool remove)
 {
     MonFdset *mon_fdset;
     MonFdsetFd *mon_fdset_fd_dup;
+    int64_t id = -1;
 
     QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
+        id = mon_fdset->id;
         QLIST_FOREACH(mon_fdset_fd_dup, &mon_fdset->dup_fds, next) {
             if (mon_fdset_fd_dup->fd == dup_fd) {
                 if (remove) {
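Review bot: The `id = mon_fdset->id;` assignment at the head of the outer QLIST_FOREACH exists only so that the `return id;` in the second hunk no longer reads `mon_fdset` after `monitor_fdset_cleanup(mon_fdset)` may have freed it, but nothing in the code says so, and a later cleanup could easily fold it back into the return; a why-comment on the assignment would pin the intent: `/* cache id now: monitor_fdset_cleanup() below may free mon_fdset */`. The `= -1` initializer on `int64_t id` is never observed, since `return id` is only reached after the assignment inside the loop, so it is harmless but misleading as a "not found" value. Declaring `id` as `int64_t` (presumably matching the type of `mon_fdset->id`) also makes visible that the function's `int` return narrows it — that truncation is pre-existing, not introduced here, but it is worth a note if fdset ids can exceed INT_MAX. The function's trailing return after the loops lies outside both hunks.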
@@ -2543,7 +2545,7 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd, 
bool remove)
                         monitor_fdset_cleanup(mon_fdset);
                     }
                 }
-                return mon_fdset->id;
+                return id;
             }
         }
     }
-- 
1.7.12.4


