slirp: fix use-after-free

460fec67ee introduced a use-after free in slirp. Cc: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2009-11-20 18:13:10 +00:00 · 2009-11-20 18:13:10 +00:00 · e0cf6d15e3
commit e0cf6d15e3
parent f7c703250c
1 changed files with 1 additions and 1 deletions
--- a/slirp/mbuf.c
+++ b/slirp/mbuf.c
@ -95,8 +95,8 @@ m_free(struct mbuf *m)
 	 * Either free() it or put it on the free list
 	 */
 	if (m->m_flags & M_DOFREE) {
-		free(m);
 		m->slirp->mbuf_alloced--;
+		free(m);
 	} else if ((m->m_flags & M_FREELIST) == 0) {
 		insque(m,&m->slirp->m_freelist);
 		m->m_flags = M_FREELIST; /* Clobber other flags */