Permalink
Browse files

extract_if_dead: follow-up to 54b201b

extract_if_dead() dead is called from two functions, and only one of
them should get conn->data updated and now neither call path clears it.

scan-build found a case where conn->data would be NULL dereferenced in
ConnectionExists() otherwise.

Closes #3473
  • Loading branch information...
bagder committed Jan 14, 2019
1 parent fe71b2d commit bbae24c3ae3bce7518f0fbd2d260359ee6a36510
Showing with 1 addition and 2 deletions.
  1. +1 −2 lib/url.c
@@ -965,9 +965,7 @@ static bool extract_if_dead(struct connectdata *conn,
/* The protocol has a special method for checking the state of the
connection. Use it to check if the connection is dead. */
unsigned int state;
conn->data = data; /* temporary transfer for this connection to use */
state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD);
conn->data = NULL; /* clear transfer again */
dead = (state & CONNRESULT_DEAD);
}
else {
@@ -996,6 +994,7 @@ struct prunedead {
static int call_extract_if_dead(struct connectdata *conn, void *param)
{
struct prunedead *p = (struct prunedead *)param;
conn->data = p->data; /* transfer to use for this check */
if(extract_if_dead(conn, p->data)) {
/* stop the iteration here, pass back the connection that was extracted */
p->extracted = conn;

0 comments on commit bbae24c

Please sign in to comment.