From deaf82b9b4452a4fca0bdd8485f2be3296dbe8e8 Mon Sep 17 00:00:00 2001
From: Hung-Te Lin <hungte@chromium.org>
Date: Tue, 25 Feb 2020 10:41:38 +0800
Subject: futility: updater: Fix failure by modifying released memory

When deleting the temp files, the pointer to released head must not be
used again. Setting 'next' to NULL should be done earlier.

BUG=chromium:1055468
TEST=make clean && make runfutiltests
BRANCH=none

Change-Id: Ia4356ade5fcf85e2bfc917c5a3bcbb7f492c5a08
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2071179
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
---
 futility/updater_utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/futility/updater_utils.c b/futility/updater_utils.c
index fadfd04b..36ea7981 100644
--- a/futility/updater_utils.c
+++ b/futility/updater_utils.c
@@ -709,8 +709,8 @@ void remove_all_temp_files(struct tempfile *head)
 	/* head itself is dummy and should not be removed. */
 	assert(!head->filepath);
 	struct tempfile *next = head->next;
+	head->next = NULL;
 	while (next) {
-		head->next = NULL;
 		head = next;
 		next = head->next;
 		assert(head->filepath);
-- 
cgit v1.2.1