gfxmenu: Fix double free in load_image()

self->bitmap should be zeroed after free. Otherwise, there is a chance
to double free (USE_AFTER_FREE) it later in rescale_image().

Fixes: CID 292472
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
index 29784ed2d9a2bf726729a2c654e477c075e777b1..6b2e976f16e15237780c96cfb4930da012fd71e8 100644 (file)
--- a/grub-core/gfxmenu/gui_image.c
+++ b/grub-core/gfxmenu/gui_image.c
@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
     return grub_errno;
 
   if (self->bitmap && (self->bitmap != self->raw_bitmap))
-    grub_video_bitmap_destroy (self->bitmap);
+    {
+      grub_video_bitmap_destroy (self->bitmap);
+      self->bitmap = 0;
+    }
   if (self->raw_bitmap)
     grub_video_bitmap_destroy (self->raw_bitmap);