mount_image.c: don't read freed memory in release_extra_refcnts()

author Eric Biggers <ebiggers3@gmail.com>

Sat, 29 Mar 2014 21:25:52 +0000 (16:25 -0500)

committer Eric Biggers <ebiggers3@gmail.com>

Sat, 29 Mar 2014 21:26:16 +0000 (16:26 -0500)
author Eric Biggers <ebiggers3@gmail.com>
Sat, 29 Mar 2014 21:25:52 +0000 (16:25 -0500)
committer Eric Biggers <ebiggers3@gmail.com>
Sat, 29 Mar 2014 21:26:16 +0000 (16:26 -0500)
diff --git a/src/mount_image.c b/src/mount_image.c

index a7dc82a..ac993e1 100644 (file)
--- a/src/mount_image.c
+++ b/src/mount_image.c
@@ -1193,9 +1193,11 @@ release_extra_refcnts(struct wimfs_context *ctx)
         struct wim_lookup_table *lookup_table = ctx->wim->lookup_table;
         struct wim_lookup_table_entry *lte, *tmp;
  
-       list_for_each_entry_safe(lte, tmp, list, orig_stream_list)
-               while (lte->out_refcnt--)
+       list_for_each_entry_safe(lte, tmp, list, orig_stream_list) {
+               u32 n = lte->out_refcnt;
+               while (n--)
                         lte_decrement_refcnt(lte, lookup_table);
+       }
  }
  
  /* Moves the currently selected image, which may have been modified, to a new
author	Eric Biggers <ebiggers3@gmail.com>
	Sat, 29 Mar 2014 21:25:52 +0000 (16:25 -0500)
committer	Eric Biggers <ebiggers3@gmail.com>
	Sat, 29 Mar 2014 21:26:16 +0000 (16:26 -0500)