rebuild_wim(): Fix use of freed memory
authorEric Biggers <ebiggers3@gmail.com>
Tue, 1 Jan 2013 06:42:01 +0000 (00:42 -0600)
committerEric Biggers <ebiggers3@gmail.com>
Tue, 1 Jan 2013 06:42:01 +0000 (00:42 -0600)
update_lte_of_staging_file() can result in the freeing of the lookup table
entry, so the staging list should be traversed with list_for_each_entry_safe()
rather than list_for_each_entry().

src/mount_image.c

index d2ce94b215e36e1ab774a34cf90b12d07d71eb64..28a807d7afdfd7d26537a57a97d99e5203564841 100644 (file)
@@ -802,7 +802,7 @@ static int rebuild_wim(struct wimfs_context *ctx, int write_flags,
        }
 
        DEBUG("Calculating SHA1 checksums for all new staging files.");
-       list_for_each_entry(lte, &ctx->staging_list, staging_list) {
+       list_for_each_entry_safe(lte, tmp, &ctx->staging_list, staging_list) {
                ret = update_lte_of_staging_file(lte, w->lookup_table);
                if (ret != 0)
                        return ret;