Don't access freed memory.

Signed-off-by: Matt Colyer <matt@colyer.name>
author: Martin Aumueller 2008-07-30 23:03:56 +0200
committer: Matt Colyer 2008-07-31 09:03:01 -0700
commit: 3a659016bbe52ed729a46d5203372db9f1a1c9aa (patch)
tree: 31b6f5df920131d18ebb112f7e8064801887aae9
parent: 41bc8af628e60132747b4ca6a7f4620d19f2eea8 (diff)
download: libplist-3a659016bbe52ed729a46d5203372db9f1a1c9aa.tar.gz
libplist-3a659016bbe52ed729a46d5203372db9f1a1c9aa.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/src/AFC.c b/src/AFC.c
index f4b802d..5462dfc 100644
--- a/src/AFC.c
+++ b/src/AFC.c
@@ -121,6 +121,7 @@ int receive_AFC_data(AFClient *client, char **dump_here) {
 	AFCPacket *r_packet;
 	char *buffer = (char*)malloc(sizeof(AFCPacket) * 4);
 	int bytes = 0, recv_len = 0;
+        int retval = 0;
 	
 	bytes = mux_recv(client->phone, client->connection, buffer, sizeof(AFCPacket) * 4);
 	if (bytes <= 0) {
@@ -136,9 +137,10 @@ int receive_AFC_data(AFClient *client, char **dump_here) {
 	if (r_packet->entire_length == r_packet->this_length && r_packet->entire_length > sizeof(AFCPacket) && r_packet->operation != AFC_ERROR) {
 		*dump_here = (char*)malloc(sizeof(char) * (r_packet->entire_length-sizeof(AFCPacket)));
 		memcpy(*dump_here, buffer+sizeof(AFCPacket), r_packet->entire_length-sizeof(AFCPacket));
+                retval = r_packet->entire_length - sizeof(AFCPacket);
 		free(buffer);
 		free(r_packet);
-		return r_packet->entire_length - sizeof(AFCPacket);
+		return retval;
 	}
 	
 	uint32 param1 = buffer[sizeof(AFCPacket)];
author	Martin Aumueller	2008-07-30 23:03:56 +0200
committer	Matt Colyer	2008-07-31 09:03:01 -0700
commit	3a659016bbe52ed729a46d5203372db9f1a1c9aa (patch)
tree	31b6f5df920131d18ebb112f7e8064801887aae9
parent	41bc8af628e60132747b4ca6a7f4620d19f2eea8 (diff)
download	libplist-3a659016bbe52ed729a46d5203372db9f1a1c9aa.tar.gz libplist-3a659016bbe52ed729a46d5203372db9f1a1c9aa.tar.bz2