From 8675d66abd6e40baa40fcfcf3a722119eb18527b Mon Sep 17 00:00:00 2001
From: dimitri staessens <dimitri.staessens@intec.ugent.be>
Date: Mon, 16 May 2016 03:20:11 +0200
Subject: irmd: fixed unlock after free

unlock is now called before the object is destroyed.
---
 src/irmd/main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/irmd/main.c b/src/irmd/main.c
index b7e1ad18..6030f0b1 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1223,7 +1223,7 @@ static void irm_destroy(struct irm *  irm)
         if (irm == NULL)
                 return;
 
-        rw_lock_wrlock(&instance->state_lock);
+        rw_lock_wrlock(&irm->state_lock);
 
         if (irm->threadpool != NULL)
                 free(irm->threadpool);
@@ -1256,9 +1256,11 @@ static void irm_destroy(struct irm *  irm)
                 shm_du_map_destroy(irm->dum);
 
         close(irm->sockfd);
+
+        rw_lock_unlock(&irm->state_lock);
+
         free(irm);
 
-        rw_lock_unlock(&instance->state_lock);
 }
 
 void irmd_sig_handler(int sig, siginfo_t * info, void * c)
-- 
cgit v1.2.3