From a67f02cf215a80ee97bfc23480f4c506cd9b8e7f Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@googlemail.com>
Date: Sun, 13 Jan 2013 19:30:35 +0100
Subject: [PATCH] shl: hook: fix invalid memory access for non-oneshot entries

If an entry is not a oneshot entry, then it might get deleted during the
callback procedure and hence, we _must_ not access it afterwards.
Therefore, remember the oneshot setting so we access it only if it really
is a oneshot entry.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
---
 src/shl_hook.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/shl_hook.h b/src/shl_hook.h
index be64b74..66603a0 100644
--- a/src/shl_hook.h
+++ b/src/shl_hook.h
@@ -1,7 +1,7 @@
 /*
  * shl - Hook Handling
  *
- * Copyright (c) 2011-2012 David Herrmann <dh.herrmann@googlemail.com>
+ * Copyright (c) 2011-2013 David Herrmann <dh.herrmann@googlemail.com>
  * Copyright (c) 2011 University of Tuebingen
  *
  * Permission is hereby granted, free of charge, to any person obtaining
@@ -205,6 +205,7 @@ static inline void shl_hook_call(struct shl_hook *hook, void *parent,
 				 void *arg)
 {
 	struct shl_hook_entry *entry;
+	bool oneshot;
 
 	if (!hook || hook->cur_entry)
 		return;
@@ -214,13 +215,14 @@ static inline void shl_hook_call(struct shl_hook *hook, void *parent,
 		entry = shl_dlist_entry(hook->cur_entry,
 					struct shl_hook_entry, list);
 		hook->cur_entry = entry->list.next;
+		oneshot = entry->oneshot;
 
-		if (entry->oneshot)
+		if (oneshot)
 			shl_dlist_unlink(&entry->list);
 
 		entry->cb(parent, arg, entry->data);
 
-		if (entry->oneshot) {
+		if (oneshot) {
 			free(entry);
 			--hook->num;
 		}
-- 
2.7.4