From 3021f18098c9d8761a47af8e7a17d1b963424d28 Mon Sep 17 00:00:00 2001
From: Syam Sidhardhan
Date: Mon, 21 Jan 2013 19:03:29 +0530
Subject: [PATCH] health: Fix possible use after free

A pointer to freed memory is dereferenced if we call function hdp_get_dcpsm_cb() with out any earlier reference.
---
 profiles/health/hdp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index c15f06af2..a42ca4816 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -542,9 +542,9 @@ static void hdp_get_dcpsm_cb(uint16_t dcpsm, gpointer user_data, GError *err)
 hdp_tmp_dc_data_destroy, &gerr))
 return;
- hdp_tmp_dc_data_unref(hdp_conn);
 hdp_conn->cb(hdp_chann->mdl, err, hdp_conn);
 g_error_free(gerr);
+ hdp_tmp_dc_data_unref(hdp_conn);
 }
 static void device_reconnect_mdl_cb(struct mcap_mdl *mdl, GError *err,
-- 
2.47.3
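Review bot: On the failure path the callback is still handed `err` rather than `gerr`, so the error that the connect call wrote into `gerr` is freed on the next line without ever reaching the caller. If `err` is known to be NULL by this point (the top of hdp_get_dcpsm_cb is outside the hunk, so this is inferred), the callback is told about a failure with no error attached; `hdp_conn->cb(hdp_chann->mdl, gerr, hdp_conn);` looks like what was intended. The reordered unref is correct, and a short comment such as `/* drop our reference last: cb() still dereferences hdp_conn */` would keep a later cleanup from moving it back above the callback.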