[PATCH] Fix use after free warning introduced by gcc 12.1

Krishna Chaitanya chaitanya.mgit at gmail.com
Thu Apr 20 10:58:28 PDT 2023


On Thu, Apr 20, 2023 at 12:56 AM Krishna <chaitanya.mgit at gmail.com> wrote:
>
> From: krishna T <krishna.t at nordicsemi.no>
>
> gcc 12.1 complains about using pointer after realloc as it could
> potentially be moved/freed, causing any uses after UB.
>
> Fix this by storing the pointer before realloc.
>
> Signed-off-by: Krishna T <krishna.t at nordicsemi.no>
> ---
>  wpa_supplicant/bss.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
> index 320441426..2484d4e14 100644
> --- a/wpa_supplicant/bss.c
> +++ b/wpa_supplicant/bss.c
> @@ -724,6 +724,7 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
>                 bss->beacon_ie_len = res->beacon_ie_len;
>         } else {
>                 struct wpa_bss *nbss;
> +               struct wpa_bss *old_bss = bss;
>                 struct dl_list *prev = bss->list_id.prev;
>                 dl_list_del(&bss->list_id);
>                 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
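Review bot: Copying `bss` into `old_bss` before the `os_realloc()` call does not change what the compiler sees, because `-Wuse-after-free` tracks the pointer value flowing out of the deallocating call rather than the variable name, so `old_bss` is the same indeterminate value as `bss` once `os_realloc()` has returned (the follow-up reply confirms the warning persists). The saved `prev` on the line above is the right pattern: whatever is still needed about the old block should be computed before the realloc, while the pointer is still valid, rather than saved as a pointer copy for later comparison.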
> @@ -731,14 +732,14 @@ wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
>                 if (nbss) {
>                         unsigned int i;
>                         for (i = 0; i < wpa_s->last_scan_res_used; i++) {
> -                               if (wpa_s->last_scan_res[i] == bss) {
> +                               if (wpa_s->last_scan_res[i] == old_bss) {
>                                         wpa_s->last_scan_res[i] = nbss;
>                                         break;
>                                 }
>                         }
> -                       if (wpa_s->current_bss == bss)
> +                       if (wpa_s->current_bss == old_bss)
>                                 wpa_s->current_bss = nbss;
> -                       wpa_bss_update_pending_connect(wpa_s, bss, nbss);
> +                       wpa_bss_update_pending_connect(wpa_s, old_bss, nbss);
>                         bss = nbss;
>                         os_memcpy(bss->ies, res + 1,
>                                   res->ie_len + res->beacon_ie_len);
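Review bot: The three changed lines still compare or pass the freed pointer (`wpa_s->last_scan_res[i] == old_bss`, `wpa_s->current_bss == old_bss`, and the `old_bss` argument to `wpa_bss_update_pending_connect()`), only through a different variable, so the diagnosed use is unchanged. A cleaner way to satisfy the diagnostic and the C standard is to move the lookups ahead of `os_realloc()`: find the index in `last_scan_res` and record whether `wpa_s->current_bss == bss` while `bss` is live, then after a successful realloc write `nbss` into those slots without touching the old value; the pending-connect update would need the same treatment, since it also receives the stale pointer. The commit message should also say which line gcc reports, so a reviewer can confirm the v2 actually removes that use.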
> --
> 2.34.1
The warning is still there, working on it, will send a v2.