It is possible that ipdevice does not contain ipconfig for
some reason. If that happens, then ipconfig is not removed
from ipconfig_list, which will then escalate into freed memory
access when the interface is taken down.
The problem was seen with valgrind when tethering was enabled
and then disabled for wifi.
if (__sync_fetch_and_sub(&ipconfig->refcount, 1) != 1)
return;
- __connman_ipconfig_disable(ipconfig);
+ if (__connman_ipconfig_disable(ipconfig) < 0)
+ ipconfig_list = g_list_remove(ipconfig_list, ipconfig);
connman_ipconfig_set_ops(ipconfig, NULL);
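Review bot: the `< 0` test on `__connman_ipconfig_disable(ipconfig)` makes the list cleanup depend on that function returning an error on every path that leaves the entry in `ipconfig_list`, which the visible lines do not establish. Because this branch runs only when the last reference is dropped and the object is about to go away, consider calling `ipconfig_list = g_list_remove(ipconfig_list, ipconfig);` unconditionally after the disable call; g_list_remove leaves the list unchanged when the element is not present, so it is harmless on the success path. A one-line comment saying that the ipdevice may not hold this ipconfig would also explain why the removal is repeated here.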