io: Fix use-after-free in ftw [BZ #26779]

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

diff --git a/io/ftw.c b/io/ftw.c
index 2742541..94bd5a9 100644 (file)
--- a/io/ftw.c
+++ b/io/ftw.c
@@ -323,8 +323,9 @@ open_dir_stream (int *dfdp, struct ftw_data *data, struct dir_data *dirp)
          buf[actsize++] = '\0';
 
          /* Shrink the buffer to what we actually need.  */
-         data->dirstreams[data->actdir]->content = realloc (buf, actsize);
-         if (data->dirstreams[data->actdir]->content == NULL)
+         void *content = realloc (buf, actsize);
+         data->dirstreams[data->actdir]->content = content;
+         if (content == NULL)
            {
              int save_err = errno;
              free (buf);