lwip: Fix use-after-free memory corruption
Set *sem to NULL after free() otherwise calling sys_sem_set_invalid()
will cause us to write into a memory location that has potentially
either been reused for another allocation or contains freelist
metadata.
This manifested as malloc() corruption, because we
sys_sem_set_invalid() was overwriting malloc metadata used for
maintaining the freelist.
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Gene Cumm <gene.cumm@gmail.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
projects / platform / upstream / syslinux.git / commit