Cherry-pick 49f1857d from master. do not merge.

Fixed adb crash due to accessing freed memory

Reset peers to NULL after closing them down. This prevents
other code from attempting to access that freed memory
(which prevents crashes). Previously, it left pointers to
freed memory and the "if (s->peer)" guards could not block
the attempt to access that memory later. Resolves many
crashes seen while taking repeated screenshots on WinXP.

Change-Id: I2697ba09971f2e0b51ff5c5e89a6fa20ebafb2c4

1 files changed, 5 insertions, 2 deletions

diff --git a/adb/sockets.c b/adb/sockets.c
index 43925e41..e3cea35f 100644
--- a/adb/sockets.c
+++ b/adb/sockets.c
@@ -221,10 +221,12 @@ static void local_socket_close_locked(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         // tweak to avoid deadlock
-        if (s->peer->close == local_socket_close)
+        if (s->peer->close == local_socket_close) {
             local_socket_close_locked(s->peer);
-        else
+        } else {
             s->peer->close(s->peer);
+        }
+        s->peer = 0;
     }
 
         /* If we are already closing, or if there are no
@@ -756,6 +758,7 @@ static void smart_socket_close(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         s->peer->close(s->peer);
+        s->peer = 0;
     }
     free(s);
 }