From c1fe179d5d5dab87f19f6dd1326c4a631e666a3d Mon Sep 17 00:00:00 2001
From: Andreas Eversberg <jolly@eversberg.eu>
Date: Sun, 24 Sep 2017 14:11:54 +0200
Subject: AMPS: Fix 'use-after-free-bug' after destroying transaction

---
 src/amps/amps.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/amps')

diff --git a/src/amps/amps.c b/src/amps/amps.c
index 74abbc4..61786b5 100644
--- a/src/amps/amps.c
+++ b/src/amps/amps.c
@@ -699,11 +699,9 @@ void amps_rx_signaling_tone(amps_t *amps, int tone, double quality)
 		if (!tone)
 			break;
 		timer_stop(&trans->timer);
-		destroy_transaction(trans);
-		if (trans->callref) {
+		if (trans->callref)
 			call_in_release(trans->callref, CAUSE_NORMAL);
-			trans->callref = 0;
-		}
+		destroy_transaction(trans);
 		amps_go_idle(amps);
 		break;
 	case TRANS_CALL_MT_ALERT:
-- 
cgit v1.2.3