From c6b162ef180ab02121fd565f3371dfba72d266f1 Mon Sep 17 00:00:00 2001 From: Mizarka Date: Wed, 11 Feb 2026 18:34:50 +0000 Subject: [PATCH] Fix user-after-free --- net/net-msg-buffers.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/net-msg-buffers.c b/net/net-msg-buffers.c index 1628799e..b0f76c0b 100644 --- a/net/net-msg-buffers.c +++ b/net/net-msg-buffers.c @@ -290,9 +290,6 @@ void free_msg_buffers_chunk_internal (struct msg_buffers_chunk *C, struct msg_bu __sync_fetch_and_add (&allocated_buffer_chunks, -1); MODULE_STAT->allocated_buffer_bytes -= MSG_BUFFERS_CHUNK_SIZE; - memset (C, 0, sizeof (struct msg_buffers_chunk)); - free (C); - int si = buffer_size_values - 1; while (si > 0 && &ChunkHeaders[si-1] != CH) { si--; @@ -304,7 +301,9 @@ void free_msg_buffers_chunk_internal (struct msg_buffers_chunk *C, struct msg_bu } free_mp_queue (C->free_block_queue); - C->free_block_queue = NULL; + + memset (C, 0, sizeof (struct msg_buffers_chunk)); + free (C); }