commit 5867133708a098e24e9f1b4033726559c904a1ea
parent dd0d45c180613d672dcbbf3cb252bc669c7822d5
Author: Jacob R. Edwards <jacobouno@protonmail.com>
Date: Fri, 16 Jul 2021 19:19:06 -0700
Fix write after free in aps_close
Since queue_remove accesses the player, the player must be freed
after the queue. It makes more sense to use item functions directly
but queue_remove makes things easier.
Diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/aps/aps.c b/aps/aps.c
@@ -74,17 +74,18 @@ aps_close(struct aps *aps)
if (aps == NULL)
return;
+ while (aps->queue)
+ queue_remove(aps, aps->queue);
+ pfree(aps->player);
+
for (i = 0; i < LEN(aps->pfds); ++i)
if (aps->pfds[i].fd != -1)
aps_drop(aps, i);
-
apclose(aps->con);
- pfree(aps->player);
for (i = 0; i < arglen(aps->next); ++i)
free(aps->next[i]);
- while (aps->queue)
- queue_remove(aps, aps->queue);
+
free(aps);
}
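Review bot: `pfree(aps->player)` now runs before the `aps_drop` loop and `apclose(aps->con)`, whose bodies are not visible in this hunk; if either of them reads `aps->player`, the use-after-free fixed here would reappear on a different path. Moving only the queue drain to the top and leaving `pfree(aps->player);` just ahead of `free(aps);` would keep the player alive for the whole teardown. The ordering rule exists only in the commit message, so it should also be recorded above the loop, e.g. `/* queue_remove() touches aps->player: drain the queue before pfree() */`. The start of aps_close, including the declaration of `i`, lies outside the hunk, so this is based on the visible lines only.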