l2cap: fix access to freed memory

Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after it was previously freed in 'l2cap_channel_open'. Assigned it to NULL after it is freed. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
author: zhanghailiang <zhang.zhanghailiang@huawei.com> 2014-08-14 15:29:12 +0800
committer: Michael Tokarev <mjt@tls.msk.ru> 2014-08-15 19:12:48 +0400
commit: 2c145d7a73206afc576fea86514e892e11481dab (patch)
tree: b82cd36c6b9a4af4493406e94a7385f9119af878 /hw/bt/l2cap.c
parent: 8945c7f75419a8191f3e99b341f1a485b48af766 (diff)
download: qemu-2c145d7a73206afc576fea86514e892e11481dab.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
index 2301d6f87f..591e047781 100644
--- a/hw/bt/l2cap.c
+++ b/hw/bt/l2cap.c
@@ -429,7 +429,7 @@ static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap,
                 status = L2CAP_CS_NO_INFO;
             } else {
                 g_free(ch);
-
+                ch = NULL;
                 result = L2CAP_CR_NO_MEM;
                 status = L2CAP_CS_NO_INFO;
             }
author	zhanghailiang <zhang.zhanghailiang@huawei.com>	2014-08-14 15:29:12 +0800
committer	Michael Tokarev <mjt@tls.msk.ru>	2014-08-15 19:12:48 +0400
commit	2c145d7a73206afc576fea86514e892e11481dab (patch)
tree	b82cd36c6b9a4af4493406e94a7385f9119af878 /hw/bt/l2cap.c
parent	8945c7f75419a8191f3e99b341f1a485b48af766 (diff)
download	qemu-2c145d7a73206afc576fea86514e892e11481dab.zip