From 95a34fc73f4eb5c5ee1399a53eea04af775201c9 Mon Sep 17 00:00:00 2001 From: Donat Zenichev Date: Wed, 24 Jun 2026 18:05:25 +0200 Subject: [PATCH] MT#61856 media_socket: make `release_reserved_port()` non-fragile Currently the function has two cycles (while-outer-cycle and for-inner-cycle). The inner one operates on the given `pp` pointer and can potentially mutate it (the pointer isn't const), hence the outer cycle will continue with a mutated pointer. Instead just use a local scope pointer to manipulate linked list's data. P.S.: the `pp` pointer isn't a double pointer, so unlikely was expected (even by design) to be modified (e.g. its address or what it actually points to). Change-Id: Ia36bcb6fb47e9e72ae25a838f8005ca99f4c591d (cherry picked from commit a4875c336ed0fc201d097db1ffbe7180968a4449) (cherry picked from commit 695fdea67125ade1fc31518d8001246d4ad5baa6) --- daemon/media_socket.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/daemon/media_socket.c b/daemon/media_socket.c index 4a2f84775..00f77eb4e 100644 --- a/daemon/media_socket.c +++ b/daemon/media_socket.c @@ -784,16 +784,16 @@ static void release_reserved_port(struct port_pool *pp, ports_q *list, unsigned assert(port == GPOINTER_TO_UINT(t_queue_peek_head(list))); - pp = l->data; - if (!port_is_in_range(pp, port)) + struct port_pool *opp = l->data; + if (!port_is_in_range(opp, port)) continue; // remove top link from list link = t_queue_pop_head_link(list); - LOCK(&pp->free_list_lock); - t_queue_push_tail_link(&pp->free_ports_q, link); - free_ports_link(pp, port) = link; + LOCK(&opp->free_list_lock); + t_queue_push_tail_link(&opp->free_ports_q, link); + free_ports_link(opp, port) = link; } } }