]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd56eb0)
lib-imap: imap_parser_unref() should always set parser=NULL
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Thu, 18 May 2017 16:40:04 +0000 (19:40 +0300)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Fri, 19 May 2017 10:56:25 +0000 (13:56 +0300)
Not just when the last reference is cleared. This is how *_unref()s should
work everywhere in Dovecot. This fixes a bug in lib-imap-client where a
parser could have been accessed after it was already freed.

src/lib-imap/imap-parser.c patch | blob | blame | history

diff --git a/src/lib-imap/imap-parser.c b/src/lib-imap/imap-parser.c
index 14290e8862c4869e335c3f2d1e240c791a4f78ae..9df169e82d872925eb1cdd0201b17f6d1794ed20 100644 (file)
--- a/src/lib-imap/imap-parser.c
+++ b/src/lib-imap/imap-parser.c
@@ -91,16 +91,18 @@ void imap_parser_ref(struct imap_parser *parser)
        parser->refcount++;
 }
 
-void imap_parser_unref(struct imap_parser **parser)
+void imap_parser_unref(struct imap_parser **_parser)
 {
-       i_assert((*parser)->refcount > 0);
+       struct imap_parser *parser = *_parser;
 
-       if (--(*parser)->refcount > 0)
+       *_parser = NULL;
+
+       i_assert(parser->refcount > 0);
+       if (--parser->refcount > 0)
                return;
 
-       pool_unref(&(*parser)->pool);
-       i_free(*parser);
-       *parser = NULL;
+       pool_unref(&parser->pool);
+       i_free(parser);
 }
 
 void imap_parser_reset(struct imap_parser *parser)
Mirror of https://github.com/dovecot/core.git