OSDN Git Service

Subject: [PATCH] Fix heap-use-after-free in reference-ril.c found by
authorIvan Krasin <krasin@google.com>
Wed, 27 Jan 2016 19:17:58 +0000 (11:17 -0800)
committerIvan Krasin <krasin@google.com>
Wed, 27 Jan 2016 19:42:04 +0000 (11:42 -0800)
AddressSaniziter.

BUG=26012424

(cherry picked from commit 7c0165ee3b769ed6a67b58b7c6e2f60bd6f8fbf6)

Change-Id: I108f01229b5fe6a368129e608195ba5833f2ea91

reference-ril/reference-ril.c

index 45340e3..b9baef1 100644 (file)
@@ -3110,7 +3110,6 @@ static void onUnsolicited (const char *s, const char *sms_pdu)
 
         err = at_tok_nextstr(&p, &response);
 
-        free(line);
         if (err != 0) {
             RLOGE("invalid NITZ line %s\n", s);
         } else {
@@ -3118,6 +3117,7 @@ static void onUnsolicited (const char *s, const char *sms_pdu)
                 RIL_UNSOL_NITZ_TIME_RECEIVED,
                 response, strlen(response));
         }
+        free(line);
     } else if (strStartsWith(s,"+CRING:")
                 || strStartsWith(s,"RING")
                 || strStartsWith(s,"NO CARRIER")