Fix use-after-free in dev_abort()

author ratchov <ratchov@openbsd.org>

Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)

committer ratchov <ratchov@openbsd.org>

Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)
author ratchov <ratchov@openbsd.org>
Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)
committer ratchov <ratchov@openbsd.org>
Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)
diff --git a/usr.bin/sndiod/dev.c b/usr.bin/sndiod/dev.c

index 176e8b1..6e2e1a6 100644 (file)
--- a/usr.bin/sndiod/dev.c
+++ b/usr.bin/sndiod/dev.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dev.c,v 1.89 2021/01/29 11:38:23 ratchov Exp $        */
+/*     $OpenBSD: dev.c,v 1.90 2021/02/02 11:18:57 ratchov Exp $        */
  /*
   * Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org>
   *
@@ -1281,12 +1281,12 @@ dev_abort(struct dev *d)
         d->slot_list = NULL;
  
         for (c = ctlslot_array, i = DEV_NCTLSLOT; i > 0; i--, c++) {
+               if (c->ops == NULL)
+                       continue;
                 if (c->opt->dev != d)
                         continue;
-               if (c->ops) {
-                       c->ops->exit(c->arg);
-                       c->ops = NULL;
-               }
+               c->ops->exit(c->arg);
+               c->ops = NULL;
         }
  
         midi_abort(d->midi);
author	ratchov <ratchov@openbsd.org>
	Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)
committer	ratchov <ratchov@openbsd.org>
	Tue, 2 Feb 2021 11:18:57 +0000 (11:18 +0000)