When the uloop is ended right after the state change timeout has been
armed, the timeout will never be cancelled, without a way for the
libuclient user to clean up. When uclient_free() is then called on the
uclient context while the uloop is still live, the entry in uloop's timeout
list will be dangling, often resulting in a segfault when new timeouts are
added or the timeout list is cleaned up in uloop_done().
Fix this by cancelling the timeout in uclient_disconnect().
Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
---
uclient.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/uclient.c b/uclient.c
index a372d4a9dcbf..ce76bcf0e547 100644
--- a/uclient.c
+++ b/uclient.c
@@ -372,6 +372,7 @@ int uclient_read(struct uclient *cl, char *buf, int len)
void uclient_disconnect(struct uclient *cl)
{
uloop_timeout_cancel(&cl->connection_timeout);
+ uloop_timeout_cancel(&cl->timeout);
if (!cl->backend->disconnect)
return;
--
2.39.2
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
