Fixed adb crash due to accessing freed memory

Reset peers to NULL after closing them down. This prevents other code from attempting to access that freed memory (which prevents crashes). Previously, it left pointers to freed memory and the "if (s->peer)" guards could not block the attempt to access that memory later. Resolves many crashes seen while taking repeated screenshots on WinXP. Change-Id: I32553f4d19f6ddc9b05b6ab4dc1e9efe69e5be4f
aosp-gtablet · Jun 3, 2011 · 49f1857 · 49f1857
1 parent fe6bfb1
commit 49f1857
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/adb/sockets.c b/adb/sockets.c
@@ -221,10 +221,12 @@ static void local_socket_close_locked(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         // tweak to avoid deadlock
-        if (s->peer->close == local_socket_close)
+        if (s->peer->close == local_socket_close) {
             local_socket_close_locked(s->peer);
-        else
+        } else {
             s->peer->close(s->peer);
+        }
+        s->peer = 0;
     }
 
         /* If we are already closing, or if there are no
@@ -782,6 +784,7 @@ static void smart_socket_close(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         s->peer->close(s->peer);
+        s->peer = 0;
     }
     free(s);
 }