From bb83598b128de5ecd505b7f8edbccd450ef54dcf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Corentin=20No=C3=ABl?=
Date: Wed, 18 Jan 2023 17:26:20 +0100
Subject: [PATCH] libsysprof: Avoid a use-after-free in raxRemove
As we are freeing the child, make sure to set it to NULL so that we are not trying to remove it again.
---
src/libsysprof/rax.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libsysprof/rax.c b/src/libsysprof/rax.c
index 7172f21b..a74b934c 100644
--- a/src/libsysprof/rax.c
+++ b/src/libsysprof/rax.c
@@ -1052,6 +1052,7 @@ int raxRemove(rax *rax, unsigned char *s, size_t len, void **old) { debugf("Freeing child %p [%.*s] key:%d\n", (void*)child, (int)child->size, (char*)child->data, child->iskey); rax_free(child); + child = NULL; rax->numnodes--; h = raxStackPop(&ts); /* If this node has more then one child, or actually holds
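Review bot: Setting `child = NULL` right after `rax_free(child)` inside the loop also erases the only record of which node was just freed, and the rest of raxRemove lies outside this hunk, so it should be confirmed that nothing after the loop still needs that value. In upstream rax the code following this loop tests `if (child)` and passes the stale address to `raxRemoveChild(h, child)` purely as a lookup key to unlink it from the parent; if this copy does the same, the unlink is now skipped and the parent `h` keeps a pointer to freed memory, which is worse than the warning being silenced. If the goal is to quiet an analyzer, a safer form is to leave the assignment out and document the intent, e.g. `/* child is freed; its address is only compared below to find the parent link, never dereferenced */`, or to track the freed node in a separate flag so the post-loop branch still runs. A regression test that removes a key and then looks up or iterates the remaining keys under ASan would show which behaviour holds.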