[PATCH] Fix use after free warning introduced by gcc 12.1
Krishna
chaitanya.mgit at gmail.com
Wed Apr 19 12:26:42 PDT 2023
From: krishna T <krishna.t at nordicsemi.no>
gcc 12.1 complains about using a pointer after realloc, as the block could
potentially have been moved/freed, which makes any later use UB.
Fix this by storing the pointer before realloc.
Signed-off-by: Krishna T <krishna.t at nordicsemi.no>
---
wpa_supplicant/bss.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 320441426..2484d4e14 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -724,6 +724,7 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
bss->beacon_ie_len = res->beacon_ie_len;
} else {
struct wpa_bss *nbss;
+ struct wpa_bss *old_bss = bss;
struct dl_list *prev = bss->list_id.prev;
dl_list_del(&bss->list_id);
nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
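Review bot: `old_bss` in this hunk is a copy of the same pointer value, so after a successful os_realloc() that moves the block it is just as indeterminate as `bss`. The comparisons against `wpa_s->last_scan_res[i]` and `wpa_s->current_bss`, and the call to wpa_bss_update_pending_connect() in the next hunk, therefore still use a freed pointer's value, and the change most likely only hides the gcc 12.1 diagnostic. A form that does not rely on the stale value would find the matching `last_scan_res` index and evaluate `wpa_s->current_bss == bss` before the os_realloc() call, then write `nbss` into those slots afterwards. If the alias is kept, a comment such as `/* old_bss is compared only, never dereferenced, after os_realloc() */` would record the invariant that keeps this from becoming a real use-after-free. The wpa_bss_update() body and the os_realloc() statement continue outside the hunk.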
@@ -731,14 +732,14 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
if (nbss) {
unsigned int i;
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
- if (wpa_s->last_scan_res[i] == bss) {
+ if (wpa_s->last_scan_res[i] == old_bss) {
wpa_s->last_scan_res[i] = nbss;
break;
}
}
- if (wpa_s->current_bss == bss)
+ if (wpa_s->current_bss == old_bss)
wpa_s->current_bss = nbss;
- wpa_bss_update_pending_connect(wpa_s, bss, nbss);
+ wpa_bss_update_pending_connect(wpa_s, old_bss, nbss);
bss = nbss;
os_memcpy(bss->ies, res + 1,
res->ie_len + res->beacon_ie_len);
--
2.34.1