BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
A null pointer assignment was missing after free() in function
pat_ref_reload(), which can lead to a segfault.
This bug was introduced in commit b5997f7 ("MAJOR: threads/map: Make
acls/maps thread safe").
Must be backported to 1.8.
diff --git a/src/pattern.c b/src/pattern.c
index 261a0b4..664afc9 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -2067,10 +2067,8 @@
void pat_ref_reload(struct pat_ref *ref, struct pat_ref *replace)
{
struct pattern_expr *expr;
- char *err = NULL;
struct pat_ref_elt *elt, *safe;
struct bref *bref, *back;
- struct sample_data *data;
struct pattern pattern;
@@ -2105,6 +2103,9 @@
list_for_each_entry(expr, &ref->pat, list) {
expr->pat_head->prune(expr);
list_for_each_entry(elt, &ref->head, list) {
+ char *err = NULL;
+ struct sample_data *data = NULL;
+
/* Create sample */
if (elt->sample && expr->pat_head->parse_smp) {
/* New sample. */
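Review bot: The `= NULL` initialisers on `err` and `data` at the top of the inner `list_for_each_entry(elt, ...)` loop are load-bearing, yet nothing in the code says why they are declared there. The free() calls are outside this hunk, so judging from the commit description they sit on the error paths further down the loop body. A comment above the two declarations, such as `/* err and data may be freed on the error paths below, so both must start as NULL for every element */`, would keep a later cleanup from hoisting them back to function scope and reintroducing the stale pointer. The description speaks of a NULL assignment after free(), while the change relies on scoping instead. If either pointer is read again after its free() within the same iteration it would still dangle, which is worth confirming in the part of the body not shown here.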
@@ -2122,8 +2123,6 @@
}
}
- else
- data = NULL;
/* initialise pattern */
memset(&pattern, 0, sizeof(pattern));