From 006dd86111c44572dbd3b26e9c63dd0f834d7762 Mon Sep 17 00:00:00 2001
From: Jeff Law <law@redhat.com>
Date: Thu, 21 Jun 2012 17:15:38 -0600
Subject:         [BZ #14277]         * intl/dcigettext.c (_nl_find_msg): Avoid
 use after potential         free.  Simplify list management for _LIBC case.

---
 intl/dcigettext.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'intl')

diff --git a/intl/dcigettext.c b/intl/dcigettext.c
index f6b7573..fcd1c78 100644
--- a/intl/dcigettext.c
+++ b/intl/dcigettext.c
@@ -1155,7 +1155,7 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 							     freemem_size);
 # ifdef _LIBC
 		      if (newmem != NULL)
-			transmem_list = transmem_list->next;
+			transmem_list = newmem;
 		      else
 			{
 			  struct transmem_list *old = transmem_list;
@@ -1170,6 +1170,12 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 		      malloc_count = 1;
 		      freemem_size = INITIAL_BLOCK_SIZE;
 		      newmem = (transmem_block_t *) malloc (freemem_size);
+# ifdef _LIBC
+		      /* Add the block to the list of blocks we have to free
+			 at some point.  */
+		      newmem->next = transmem_list;
+		      transmem_list = newmem;
+# endif
 		    }
 		  if (__builtin_expect (newmem == NULL, 0))
 		    {
@@ -1180,11 +1186,6 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
 		    }
 
 # ifdef _LIBC
-		  /* Add the block to the list of blocks we have to free
-		     at some point.  */
-		  newmem->next = transmem_list;
-		  transmem_list = newmem;
-
 		  freemem = (unsigned char *) newmem->data;
 		  freemem_size -= offsetof (struct transmem_list, data);
 # else
-- 
cgit v1.1