Fix a Segfault during aaft
Steps to reproduce the Segfault:
```sh
$ echo 'main(){}' >m.c
$ gcc -o m m.c
$ r2 -e bin.cache=1 -e anal.detectwrites=1 -A m
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Finding and parsing C++ vtables (avrr)
segmentation fault
```
Environment:
OS: `ubuntu-18.04 docker image`
GCC: `gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)`
thymol0 committed Oct 6, 2021
1 parent bf29366 commit 937bf35
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libr/core/anal_tp.c
@@ -450,7 +450,7 @@ static int bb_cmpaddr(const void *_a, const void *_b) {

R_API void r_core_anal_type_match(RCore *core, RAnalFunction *fcn) {
RAnalBlock *bb;
RListIter *it;
RListIter *it, *tmp;
RAnalOp aop = {0};
bool resolved = false;

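Review bot: `tmp` is declared here with nothing to say what it is for, and the reader has to go about 70 lines down to the `r_list_foreach_safe` to learn that it is the cached next iterator. A name that states the role (for example `next_it`, mirroring `it`) or a one-line comment beside the declaration, such as `RListIter *it, *tmp; // tmp: next iterator, cached by r_list_foreach_safe`, would make the hunk self-explanatory.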
@@ -516,7 +516,7 @@ R_API void r_core_anal_type_match(RCore *core, RAnalFunction *fcn) {
}
r_cons_break_push (NULL, NULL);
r_list_sort (fcn->bbs, bb_cmpaddr); // TODO: The algorithm can be more accurate if blocks are followed by their jmp/fail, not just by address
r_list_foreach (fcn->bbs, it, bb) {
r_list_foreach_safe (fcn->bbs, it, tmp, bb) {
ut64 addr = bb->addr;
int i = 0;
r_reg_set_value (core->dbg->reg, r, addr);
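Review bot: switching to `r_list_foreach_safe` only covers the case where the loop body removes the block currently being visited; the macro copies `it->n` into `tmp` before the body runs, so if whatever mutates `fcn->bbs` removes a different block, in particular the one `tmp` already points at, the dangling iterator and the crash come back. The commit message gives a reproduction but does not say which call inside this loop modifies `fcn->bbs`, and nothing in the hunk shows it; please name that call in the message, and if it can drop arbitrary blocks, walk a snapshot (for example an array of block addresses collected right after the `r_list_sort`, with each block looked up by address again inside the loop) instead of the live list, since `_safe` cannot protect against that.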

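To make the bug class this commit fixes, and the limit of the fix, concrete, here is an added example; it is not radare2 code and none of its names exist in r2. It uses a minimal doubly linked list with `list_foreach` and `list_foreach_safe` macros shaped like `r_list_foreach`/`r_list_foreach_safe` (the real macros also guard with `if (list)`, omitted here), and a delete that quarantines nodes and poisons their links instead of returning memory to malloc, so a dangling iterator shows up as a dead node rather than as undefined behaviour. `List`, `ListIter`, `Block`, `list_delete`, `build_blocks` and the `walk_*` functions are hypothetical, and the four basic blocks are constructed input. It goes beyond the commit by also showing the case `r_list_foreach_safe` does not cover: the body deleting the block after the current one.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for radare2's RList/RListIter and its two foreach
 * macros (shape follows r_list.h, minus the `if (list)` guard). Not r2 code. */
typedef struct list_iter {
	struct list_iter *n, *p;
	void *data;
	bool dead;   /* set by list_delete: touching this node is a use-after-free */
} ListIter;
typedef struct { ListIter *head, *tail; } List;

#define list_foreach(list, it, pos) \
	for (it = (list)->head; it && (pos = it->data, 1); it = it->n)
#define list_foreach_safe(list, it, tmp, pos) \
	for (it = (list)->head; it && (pos = it->data, tmp = it->n, 1); it = tmp)

typedef struct { unsigned long addr; bool stale; } Block; /* stale: the loop body drops it */

/* Deleted nodes are quarantined, not handed back to malloc: their next link is
 * pointed at POISON and they sit on a quarantine chain (via ->p) until
 * list_destroy. A loop that follows a stale link lands on a dead node instead
 * of on reused memory, so the bug is observable and deterministic. */
static ListIter POISON = { NULL, NULL, NULL, true };
static ListIter *quarantine_head;

static void list_delete(List *l, ListIter *it) {
	if (it->p) it->p->n = it->n; else l->head = it->n;
	if (it->n) it->n->p = it->p; else l->tail = it->p;
	free (it->data);
	it->data = NULL;
	it->n = &POISON;
	it->dead = true;
	it->p = quarantine_head;
	quarantine_head = it;
}

static void list_append(List *l, unsigned long addr, bool stale) {
	Block *b = malloc (sizeof *b);
	ListIter *it = calloc (1, sizeof *it);
	if (!b || !it) abort ();
	b->addr = addr;
	b->stale = stale;
	it->data = b;
	it->p = l->tail;
	if (l->tail) l->tail->n = it; else l->head = it;
	l->tail = it;
}

static void list_destroy(List *l) {
	for (ListIter *it = l->head; it;) { ListIter *n = it->n; free (it->data); free (it); it = n; }
	while (quarantine_head) { ListIter *p = quarantine_head->p; free (quarantine_head); quarantine_head = p; }
	free (l);
}

/* Constructed input: four basic blocks in address order, 0x1010 marked stale. */
static List *build_blocks(void) {
	List *l = calloc (1, sizeof *l);
	if (!l) abort ();
	list_append (l, 0x1000, false);
	list_append (l, 0x1010, true);
	list_append (l, 0x1020, false);
	list_append (l, 0x1030, false);
	return l;
}

/* Before the fix: plain foreach, body deletes the current block. The loop's
 * `it = it->n` then reads the deleted node. Returns blocks visited, or -1 as
 * soon as a dead node is touched (the real code would segfault or read garbage). */
static int walk_unsafe(List *l) {
	ListIter *it; Block *bb; int visited = 0;
	list_foreach (l, it, bb) {
		if (it->dead || !bb) return -1;
		visited++;
		if (bb->stale) list_delete (l, it);
	}
	return visited;
}

/* After the fix: the next iterator is cached in tmp before the body runs, so
 * deleting the current block is fine and all four blocks are visited. */
static int walk_safe(List *l) {
	ListIter *it, *tmp; Block *bb; int visited = 0;
	list_foreach_safe (l, it, tmp, bb) {
		if (it->dead || !bb) return -1;
		visited++;
		if (bb->stale) list_delete (l, it);
	}
	return visited;
}

/* The caveat: _safe protects only the current node. If the body deletes the
 * block after the current one, tmp already points at it and dangles. */
static int walk_safe_deleting_next(List *l) {
	ListIter *it, *tmp; Block *bb; int visited = 0;
	list_foreach_safe (l, it, tmp, bb) {
		if (it->dead || !bb) return -1;
		visited++;
		if (it->n && ((Block *)it->n->data)->stale) list_delete (l, it->n);
	}
	return visited;
}

int main(void) {
	List *a = build_blocks (), *b = build_blocks (), *c = build_blocks ();
	printf ("foreach, delete current:       %d\n", walk_unsafe (a));
	printf ("foreach_safe, delete current:  %d\n", walk_safe (b));
	printf ("foreach_safe, delete next:     %d\n", walk_safe_deleting_next (c));
	list_destroy (a); list_destroy (b); list_destroy (c);
	return 0;
}
```

Build with `cc -Wall example.c`. The safe walk returns 4; the other two return -1 the moment the iterator lands on a quarantined node. In the real code there is no `dead` flag to test, so the equivalent of that -1 is the segfault from the commit message, or a silent read of whatever now occupies the freed `RListIter`, which is why knowing exactly which call inside the `aaft` loop mutates `fcn->bbs` matters more than the choice of iteration macro.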