<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Calling the nftnl_set_free function may trigger the "double free" problem."
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1685#c5">Comment # 5</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Calling the nftnl_set_free function may trigger the "double free" problem."
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1685">bug 1685</a>
              from <span class="vcard"><a class="email" href="mailto:vchanger123456@163.com" title="Chen Zhen <vchanger123456@163.com>"> <span class="fn">Chen Zhen</span></a>
</span></b>
        <pre>Is there a problem with this patch? I have verified it by the reproduction code
above.


>From 325df1f49bb273177a9f47f60ea9baa4f3f3197d Mon Sep 17 00:00:00 2001
From: sxt1001 <<a href="mailto:sxt1001@qq.com">sxt1001@qq.com</a>>
Date: Wed, 31 May 2023 21:01:47 +0800
Subject: [PATCH] Fix double free

---
 src/set.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/set.c b/src/set.c
index c46f827..738cc24 100644
--- a/src/set.c
+++ b/src/set.c
@@ -54,8 +54,11 @@ void nftnl_set_free(const struct nftnl_set *s)
        if (s->flags & (1 << NFTNL_SET_USERDATA))
                xfree(s->user.data);

-       list_for_each_entry_safe(expr, next, &s->expr_list, head)
-               nftnl_expr_free(expr);
+       if (s->flags & (1 << NFTNL_SET_EXPR))
+       {
+               list_for_each_entry_safe(expr, next, &s->expr_list, head)
+                       nftnl_expr_free(expr);
+       }

        list_for_each_entry_safe(elem, tmp, &s->element_list, head) {
                list_del(&elem->head);
--
2.33.0</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>