On Sun, Mar 25, 2018 at 3:30 AM, Jordan Miner wrote:
> When calling uci_set() to update an option, if ptr->o != NULL and
> ptr->option == NULL, then uci_expand_ptr() will set ptr->option to
> ptr->o->e.name (or the caller could set ptr->option to that value). In
> this case, the option will be freed just before calling
> uci_alloc_option() with ptr->option, which was just freed.
Patch applied with a minor tweak; thx
Hans
>
> Signed-off-by: Jordan Miner
> ---
> list.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/list.c b/list.c
> index 0347138..3c46a0b 100644
> --- a/list.c
> +++ b/list.c
> @@ -666,6 +666,7 @@ int uci_set(struct uci_context *ctx, struct uci_ptr *ptr)
> {
> /* NB: UCI_INTERNAL use means without delta tracking */
> bool internal = ctx && ctx->internal;
> + struct uci_option *o;
>
> UCI_HANDLE_ERR(ctx);
> uci_expand_ptr(ctx, ptr, false);
> @@ -698,8 +699,9 @@ int uci_set(struct uci_context *ctx, struct uci_ptr *ptr)
> if ((ptr->o->type == UCI_TYPE_STRING) &&
> !strcmp(ptr->o->v.string, ptr->value))
> return 0;
> - uci_free_option(ptr->o);
> + o = ptr->o;
> ptr->o = uci_alloc_option(ptr->s, ptr->option, ptr->value);
> + uci_free_option(o);
> ptr->last = &ptr->o->e;
> } else if (ptr->s && ptr->section) { /* update section */
> char *s = uci_strdup(ctx, ptr->value);
> --
> 2.7.4
>
>
> ___
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
