cmd was dereferenced after free. Use temp pointer for freeing.
---
emulator/bthost.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/emulator/bthost.c b/emulator/bthost.c
index 10e7a05..b05072a 100644
--- a/emulator/bthost.c
+++ b/emulator/bthost.c
@@ -186,13 +186,15 @@ static struct l2conn *btconn_find_l2cap_conn_by_scid(struct btconn *conn,
void bthost_destroy(struct bthost *bthost)
{
- struct cmd *cmd;
-
if (!bthost)
return;
- for (cmd = bthost->cmd_q.tail; cmd != NULL; cmd = cmd->next)
+ while (bthost->cmd_q.tail) {
+ struct cmd *cmd = bthost->cmd_q.tail;
+
+ bthost->cmd_q.tail = cmd->next;
free(cmd);
+ }
while (bthost->conns) {
struct btconn *conn = bthost->conns;
--
1.8.5.1
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
