json: don't leave dangling pointers on hlist

unshare -n tests/json_echo/run-test.py
[..]
Adding chain c
free(): double free detected in tcache 2
Aborted (core dumped)

The element must be deleted from the hlist prior to freeing it.

Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/parser_json.c b/src/parser_json.c
index 09e394dfc26d7e15a7170f2c0371950a26a751ae..f0486b77a225af6077ef2eee52a5e714d2efede4 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3786,8 +3786,10 @@ static void json_cmd_assoc_free(void)
 
        for (i = 0; i < CMD_ASSOC_HSIZE; i++) {
                hlist_for_each_entry_safe(cur, pos, n,
-                                         &json_cmd_assoc_hash[i], hnode)
+                                         &json_cmd_assoc_hash[i], hnode) {
+                       hlist_del(&cur->hnode);
                        free(cur);
+               }
        }
 }