27 lines
893 B
Diff
27 lines
893 B
Diff
From 1c1c14271eadeb35dc2fb38e199bde2e90ff4ea3 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
|
Date: Wed, 13 Dec 2017 19:22:52 +0100
|
|
Subject: [PATCH] json_object: Avoid double free (and thus a segfault) when
|
|
ref_count gets < 0
|
|
|
|
---
|
|
json_object.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/json_object.c b/json_object.c
|
|
index 042477a71b..b94b9e222a 100644
|
|
--- a/json_object.c
|
|
+++ b/json_object.c
|
|
@@ -189,9 +189,9 @@ int json_object_put(struct json_object *jso)
|
|
* as that can result in the thread that loses the race to 0
|
|
* operating on an already-freed object.
|
|
*/
|
|
- if (__sync_sub_and_fetch(&jso->_ref_count, 1) > 0) return 0;
|
|
+ if (__sync_sub_and_fetch(&jso->_ref_count, 1) != 0) return 0;
|
|
#else
|
|
- if (--jso->_ref_count > 0) return 0;
|
|
+ if (--jso->_ref_count != 0) return 0;
|
|
#endif
|
|
|
|
if (jso->_user_delete)
|