From bbae24c3ae3bce7518f0fbd2d260359ee6a36510 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 15 Jan 2019 00:06:26 +0100
Subject: extract_if_dead: follow-up to 54b201b48c90a

extract_if_dead() dead is called from two functions, and only one of them should get conn->data updated and now neither call path clears it. scan-build found a case where conn->data would be NULL dereferenced in ConnectionExists() otherwise.
Closes #3473
---
 lib/url.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/url.c b/lib/url.c
index 273c11de5..bb53f2740 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -965,9 +965,7 @@ static bool extract_if_dead(struct connectdata *conn,
 /* The protocol has a special method for checking the state of the connection. Use it to check if the connection is dead. */
 unsigned int state;
- conn->data = data; /* temporary transfer for this connection to use */
 state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD);
- conn->data = NULL; /* clear transfer again */
 dead = (state & CONNRESULT_DEAD);
 }
 else {
@@ -996,6 +994,7 @@ struct prunedead {
 static int call_extract_if_dead(struct connectdata *conn, void *param)
 {
 struct prunedead *p = (struct prunedead *)param;
+ conn->data = p->data; /* transfer to use for this check */
 if(extract_if_dead(conn, p->data)) {
 /* stop the iteration here, pass back the connection that was extracted */
 p->extracted = conn;
--
cgit v1.2.3
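Review bot: The `connection_check(conn, CONNCHECK_ISDEAD)` call in extract_if_dead() now runs with whatever `conn->data` the caller left in place, and nothing in the function states or enforces that precondition. On the call path that does not go through call_extract_if_dead() the pointer may be NULL or refer to a transfer that is no longer the one driving the check; whether any handler's connection_check reads it is not visible here. I would add a comment above the call, for example `/* conn->data is NOT set here: the caller must make sure it refers to a live transfer */`, and consider a debug-only assertion that it is non-NULL. The function starts and ends outside the hunk, so I cannot tell whether the `data` parameter is still used elsewhere in the body.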
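Review bot: The assignment `conn->data = p->data;` in call_extract_if_dead() is never undone, so every connection the iteration visits and does not extract keeps pointing at the pruning transfer after the callback returns. If that transfer is closed while the connection stays cached, the pointer is stale and any later read of `conn->data` would touch freed memory; whether such a read exists is outside this hunk. Consider keeping the previous value with `prev = conn->data;` before the assignment and putting it back with `conn->data = prev;` on the not-dead path, or else extend the comment to say how long the association is meant to last and which code resets it. The function body continues past the end of the hunk.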