From b8c42b985d725ed92b97f8c6cb871a90425b9fa8 Mon Sep 17 00:00:00 2001 From: Paul Richards Date: Wed, 8 Dec 2010 15:48:55 +0900 Subject: [PATCH] Fix for segmentation fault from freed memory access in jtag_unregister_event_callback() --- src/jtag/core.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/src/jtag/core.c b/src/jtag/core.c index b8953094..dfedc172 100644 --- a/src/jtag/core.c +++ b/src/jtag/core.c @@ -296,28 +296,24 @@ int jtag_register_event_callback(jtag_event_handler_t callback, void *priv) int jtag_unregister_event_callback(jtag_event_handler_t callback, void *priv) { - struct jtag_event_callback **callbacks_p; - struct jtag_event_callback **next; + struct jtag_event_callback **p = &jtag_event_callbacks, *temp; if (callback == NULL) { return ERROR_INVALID_ARGUMENTS; } - for (callbacks_p = &jtag_event_callbacks; - *callbacks_p != NULL; - callbacks_p = next) + while (*p) { - next = &((*callbacks_p)->next); - - if ((*callbacks_p)->priv != priv) - continue; - - if ((*callbacks_p)->callback == callback) + if (((*p)->priv != priv) || ((*p)->callback != callback)) { - free(*callbacks_p); - *callbacks_p = *next; + p = &(*p)->next; + continue; } + + temp = *p; + *p = (*p)->next; + free(temp); } return ERROR_OK; -- 2.39.5