From a4875c336ed0fc201d097db1ffbe7180968a4449 Mon Sep 17 00:00:00 2001
From: Donat Zenichev
Date: Wed, 24 Jun 2026 18:05:25 +0200
Subject: [PATCH] MT#61856 media_socket: make `release_reserved_port()` non-fragile

Currently the function has two cycles (while-outer-cycle and for-inner-cycle). The inner one operates on the given `pp` pointer and can potentially mutate it (the pointer isn't const), hence the outer cycle will continue with a mutated pointer. Instead just use a local scope pointer to manipulate linked list's data.
P.S.: the `pp` pointer isn't a double pointer, so unlikely was expected (even by design) to be modified (e.g. its address or what it actually points to).
Change-Id: Ia36bcb6fb47e9e72ae25a838f8005ca99f4c591d
---
 daemon/media_socket.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/daemon/media_socket.c b/daemon/media_socket.c
index d04c64dbe..c0fbd8369 100644
--- a/daemon/media_socket.c
+++ b/daemon/media_socket.c
@@ -785,16 +785,16 @@ static void release_reserved_port(struct port_pool *pp, ports_q *list, unsigned
 assert(port == GPOINTER_TO_UINT(t_queue_peek_head(list)));
- pp = l->data;
- if (!port_is_in_range(pp, port))
+ struct port_pool *opp = l->data;
+ if (!port_is_in_range(opp, port))
 continue;
 // remove top link from list
 link = t_queue_pop_head_link(list);
- LOCK(&pp->free_list_lock);
- t_queue_push_tail_link(&pp->free_ports_q, link);
- free_ports_link(opp, port) = link;
+ LOCK(&opp->free_list_lock);
+ t_queue_push_tail_link(&opp->free_ports_q, link);
+ free_ports_link(opp, port) = link;
 }
 }
 }
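Review bot: The link is popped from `list` and stored in `free_ports_link(opp, port)` on the strength of the `assert` alone, and nothing after the hand-over leaves the inner loop, so the next pool is visited with the same `port` while the list head has already changed. In a build with `NDEBUG` the assert is compiled out, so a second pool whose range also contains `port` would pop an unrelated link (or nothing, if the list is now empty) and record it in that pool's slot for `port`, leaving the free-list bookkeeping inconsistent. If a port is meant to belong to exactly one pool, add `break;` after `free_ports_link(opp, port) = link;`; otherwise replace the assert with a run-time check of the head before `t_queue_pop_head_link(list)`. Both loop headers lie outside the hunk, so this is inferred from the visible body only; it is also worth confirming that the outer loop still terminates when every pool takes the `continue` path and the head is never popped.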