From e118e167084c32d2362248151e0e3740a1f391df Mon Sep 17 00:00:00 2001
From: Ran Benita
Date: Sat, 31 Dec 2011 12:31:53 +0200
Subject: [PATCH] test_console: fix use-after-free

Here's how it goes:
1. stdin reaches EOF, kmscon_eloop_rm_fd is called on stdin_fd.
2. The fd object is freed, the memory is reused in the meantime.
3. rm_fd is called again in destroy_eloop.
4. con->stdin_fd points to garbage and we get a segmentation fault.

Signed-off-by: Ran Benita
---
tests/test_console.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/tests/test_console.c b/tests/test_console.c
index 810e5c7..9e72499 100644
--- a/tests/test_console.c
+++ b/tests/test_console.c
@@ -96,6 +96,7 @@ static void stdin_cb(struct kmscon_fd *fd, int mask, void *data)
 } else if (!ret) {
 log_info("stdin closed\n");
 kmscon_eloop_rm_fd(fd);
+ con->stdin_fd = NULL;
 } else {
 len = ret;
 log_debug("stdin input read (len: %d)\n", len);
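Review bot: The added `con->stdin_fd = NULL;` only closes the use-after-free if the second removal in destroy_eloop (outside this hunk) tolerates a NULL `stdin_fd`, and nothing in the patch shows whether `kmscon_eloop_rm_fd` accepts NULL. If it does not, the teardown call needs a guard, `if (con->stdin_fd) kmscon_eloop_rm_fd(con->stdin_fd);`, or the remover should be made a no-op on NULL so every teardown path is idempotent. A one-line comment at the assignment, `/* rm_fd freed the fd object; drop our reference so destroy_eloop does not remove it twice */`, would record why the NULL store is load-bearing. stdin_cb's body continues outside the hunk, so any later use of `fd` in this callback after the rm_fd call should also be checked.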