Fix use-after-free in free_incl()

Seen after linux update Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `../varnishevent -f varnishevent.conf -r varnish-4.1.0-doc.log -w out -v'. Program terminated with signal SIGABRT, Aborted. 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt

Fix use-after-free in free_incl()
Seen after linux update Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `../varnishevent -f varnishevent.conf -r varnish-4.1.0-doc.log -w out -v'. Program terminated with signal SIGABRT, Aborted. 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt
5b00968b · Nils Goroll · a00794a4 · 5b00968b
Unverified Commit 5b00968b authored Jun 29, 2021 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

format.c src/format.c +2 -2

No files found.
--- a/src/format.c
+++ b/src/format.c
@@ -1562,10 +1562,10 @@ free_format(compiled_fmt_t *fmt)
 static void
 free_incl(includehead_t inclhead[])
 {
-    inc_t *incl;
+    inc_t *incl, *tmp;

    for (int i = 0; i < MAX_VSL_TAG; i++)
-        VSTAILQ_FOREACH(incl, &inclhead[i], inclist) {
+        VSTAILQ_FOREACH_SAFE(incl, &inclhead[i], inclist, tmp) {
            if (incl->hdr != NULL)
                free(incl->hdr);
            free(incl);