projects / fw / openocd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4bd2b30)
Fix for segmentation fault from freed memory access in jtag_unregister_event_callback()
authorPaul Richards <paulr227@gmail.com>
Wed, 8 Dec 2010 06:48:55 +0000 (15:48 +0900)
committerØyvind Harboe <oyvind.harboe@zylin.com>
Fri, 10 Dec 2010 07:03:01 +0000 (08:03 +0100)
src/jtag/core.c patch | blob | history

diff --git a/src/jtag/core.c b/src/jtag/core.c
index b89530946a6647eb6d86233ee55d292c5a0b0150..dfedc172df342d8d8e9fac199ff6fa3e69cf5239 100644 (file)
--- a/src/jtag/core.c
+++ b/src/jtag/core.c
@@ -296,28 +296,24 @@ int jtag_register_event_callback(jtag_event_handler_t callback, void *priv)
 
 int jtag_unregister_event_callback(jtag_event_handler_t callback, void *priv)
 {
-       struct jtag_event_callback **callbacks_p;
-       struct jtag_event_callback **next;
+       struct jtag_event_callback **p = &jtag_event_callbacks, *temp;
 
        if (callback == NULL)
        {
                return ERROR_INVALID_ARGUMENTS;
        }
 
-       for (callbacks_p = &jtag_event_callbacks;
-                       *callbacks_p != NULL;
-                       callbacks_p = next)
+       while (*p)
        {
-               next = &((*callbacks_p)->next);
-
-               if ((*callbacks_p)->priv != priv)
-                       continue;
-
-               if ((*callbacks_p)->callback == callback)
+               if (((*p)->priv != priv) || ((*p)->callback != callback))
                {
-                       free(*callbacks_p);
-                       *callbacks_p = *next;
+                       p = &(*p)->next;
+                       continue;
                }
+
+               temp = *p;
+               *p = (*p)->next;
+               free(temp);
        }
 
        return ERROR_OK;
openocd with support for Altus Metrum targets