Fix xmpp_stanza_release() for cloned child-stanzas.

Break the linked-list of children before releasing a child. Before this patch it was possible, when a child is cloned and stored for longer than the lifetime of its parent, that its `next` pointer points to invalid memory that was already free'd when the parent stanza was released. This issue exists already since the initial version of `xmpp_stanza_release()`. Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
strophe · Jul 27, 2023 · 60c714b · 60c714b
1 parent ad8969e
commit 60c714b
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/stanza.c b/src/stanza.c
@@ -182,6 +182,7 @@ int xmpp_stanza_release(xmpp_stanza_t *stanza)
         while (child) {
             tchild = child;
             child = child->next;
+            tchild->next = NULL;
             xmpp_stanza_release(tchild);
         }