From 847100bde8ddda45c59220ba12519941a1a1ce14 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <error27@gmail.com>
Date: Sun, 29 Mar 2009 22:59:32 +0300
Subject: [PATCH] Don't dereference freed memory.

The existing hash key does not get replaced by the new hash key.  Only
the data is replaced.

Signed-off-by: Dan Carpenter <error27@gmail.com>
---
 smatch_function_hooks.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/smatch_function_hooks.c b/smatch_function_hooks.c
index 2f424645..8e2733b5 100644
--- a/smatch_function_hooks.c
+++ b/smatch_function_hooks.c
@@ -42,6 +42,7 @@ static struct call_back_list *get_call_backs(const char *look_for)
 static void add_cb_hook(const char *look_for, struct fcall_back *cb)
 {
 	ENTRY e, *ep;
+	char *old_key = NULL;
 
 	e.key = alloc_string(look_for);
 	hsearch_r(e, FIND, &ep, &func_hash);
@@ -51,7 +52,8 @@ static void add_cb_hook(const char *look_for, struct fcall_back *cb)
 		add_ptr_list(&list, cb);
 		e.data = list;
 	} else {
-		free_string(ep->key);
+		old_key = e.key;
+		e.key = ep->key;
 		add_ptr_list((struct call_back_list **)&ep->data, cb);
 		e.data = ep->data;
 	}
@@ -59,6 +61,7 @@ static void add_cb_hook(const char *look_for, struct fcall_back *cb)
 		printf("Error hash table too small in smatch_function_hooks.c\n");
 		exit(1);
 	}
+	free_string(old_key);
 }
 
 void add_function_hook(const char *look_for, func_hook *call_back, void *info)
-- 
2.11.4.GIT