• Rémi Denis-Courmont's avatar
    config_PutPsz: fix potential use-after-free · 6b35f6ff
    Rémi Denis-Courmont authored
    The new config value is duplicated, and the copy is stored to the
    configuration. After the configuration R/W lock is released, we have no
    warranty that another thread does not change the same configuration
    item, and free our own copy. Admittedly, this is very unlikely.
    
    Instead, we can simply pass the original string from the caller to the
    callback - that one must remain valid through the config_PutPsz()
    function call by definition.
    6b35f6ff
core.c 17 KB