From 668b627e9c3400a579d7057038e03e6977369c4b Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Sat, 29 Mar 2014 16:25:52 -0500
Subject: [PATCH] mount_image.c: don't read freed memory in release_extra_refcnts()
---
 src/mount_image.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/mount_image.c b/src/mount_image.c
index a7dc82a1..ac993e17 100644
--- a/src/mount_image.c
+++ b/src/mount_image.c
@@ -1193,9 +1193,11 @@ release_extra_refcnts(struct wimfs_context *ctx)
 struct wim_lookup_table *lookup_table = ctx->wim->lookup_table;
 struct wim_lookup_table_entry *lte, *tmp;
- list_for_each_entry_safe(lte, tmp, list, orig_stream_list)
- while (lte->out_refcnt--)
+ list_for_each_entry_safe(lte, tmp, list, orig_stream_list) {
+ u32 n = lte->out_refcnt;
+ while (n--)
 lte_decrement_refcnt(lte, lookup_table);
+ }
 }
 /* Moves the currently selected image, which may have been modified, to a new
--
2.43.0
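Review bot: The new loop in release_extra_refcnts() still hands `lte` to `lte_decrement_refcnt()` on every iteration, so it is only safe if `out_refcnt` never exceeds the number of references the entry still holds; judging from the commit subject the callee can free the entry on the last decrement, and any further iteration would then pass a dangling pointer. That invariant is not visible in the hunk and should be stated next to the copy, e.g. `/* Snapshot the count: lte_decrement_refcnt() may free lte on the final decrement, so lte must not be read afterwards; out_refcnt must not exceed the entry's remaining references. */`. The comment also keeps a later cleanup from folding `n` back into `while (lte->out_refcnt--)`. The start of the function, including the declaration of `list`, lies outside the hunk.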