hrev54710 adds 1 changeset to branch 'master'
old head: a756a8ad1bc08030f076952e44f5e8b0e0c8d8d7
new head: 6c016dc54a5b7e3033d7448bc2628bc5a24d660c
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=6c016dc54a5b+%5Ea756a8ad1bc0
----------------------------------------------------------------------------
6c016dc54a5b: libnetapi: Fix use after free
Fix 'fImpl' is used after delete in BNetBuffer::operator=
(GetImpl() returns fImpl), when it is used with self assignment.
Pointed out by Clang Static Analyzer.
Change-Id: Ic80a4ce73879062581b9241f84a4340919d281b9
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3393
Reviewed-by: Jérôme Duval <jerome.duval@xxxxxxxxx>
[ Murai Takashi <tmurai01@xxxxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev54710
Commit: 6c016dc54a5b7e3033d7448bc2628bc5a24d660c
URL: https://git.haiku-os.org/haiku/commit/?id=6c016dc54a5b
Author: Murai Takashi <tmurai01@xxxxxxxxx>
Date: Fri Nov 13 12:28:31 2020 UTC
Committer: Adrien Destugues <pulkomandy@xxxxxxxxx>
Commit-Date: Sun Nov 15 20:05:58 2020 UTC
----------------------------------------------------------------------------
1 file changed, 6 insertions(+), 5 deletions(-)
src/kits/network/libnetapi/NetBuffer.cpp | 11 ++++++-----
----------------------------------------------------------------------------
diff --git a/src/kits/network/libnetapi/NetBuffer.cpp
b/src/kits/network/libnetapi/NetBuffer.cpp
index bc157f6877..ce036db3ca 100644
--- a/src/kits/network/libnetapi/NetBuffer.cpp
+++ b/src/kits/network/libnetapi/NetBuffer.cpp
@@ -66,12 +66,13 @@ BNetBuffer::BNetBuffer(BMessage* archive) :
BNetBuffer&
BNetBuffer::operator=(const BNetBuffer& buffer)
{
- delete fImpl;
-
- fImpl = new (std::nothrow) DynamicBuffer(*buffer.GetImpl());
- if (fImpl != NULL)
- fInit = fImpl->InitCheck();
+ if (&buffer != this) {
+ delete fImpl;
+ fImpl = new (std::nothrow) DynamicBuffer(*buffer.GetImpl());
+ if (fImpl != NULL)
+ fInit = fImpl->InitCheck();
+ }
return *this;
}
