client: Fixing invalid use after free()
author Erwan Velu <erwan@redhat.com>
Tue, 3 Oct 2017 08:56:09 +0000 (10:56 +0200)
committer Erwan Velu <erwan@redhat.com>
Tue, 3 Oct 2017 15:27:51 +0000 (17:27 +0200)
As per commit be6fa258, reply->opcode is now called after freeing the structure.

This patch moves the check of reply->opcode before freeing reply.

Signed-off-by: Erwan Velu <erwan@redhat.com>
client.c

index 5b409fea4b78c187ef03ae0ad287026b3e0cfb9d..4209945245ff5e7c3cf4ea77f4d175a8d8d4dc8f 100644 (file)
--- a/client.c
+++ b/client.c
@@ -1864,10 +1864,12 @@ static void request_client_etas(struct client_ops *ops)
 static int handle_cmd_timeout(struct fio_client *client,
                              struct fio_net_cmd_reply *reply)
 {
+       uint16_t reply_opcode = reply->opcode;
+
        flist_del(&reply->list);
        free(reply);
 
-       if (reply->opcode != FIO_NET_CMD_SEND_ETA)
+       if (reply_opcode != FIO_NET_CMD_SEND_ETA)
                return 1;
 
        log_info("client <%s>: timeout on SEND_ETA\n", client->hostname);
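
Review bot: the commit message says the check of reply->opcode is moved before the free, but in handle_cmd_timeout() the check still runs after free(reply) and the fix is the new local reply_opcode read at the top of the function; reword the message to say the opcode is saved before the structure is freed, so the log matches the diff. The declaration of the opcode field in struct fio_net_cmd_reply is not visible in this hunk, so confirm that uint16_t matches the field's type and the comparison against FIO_NET_CMD_SEND_ETA is not made on a narrowed value. A short comment above the new declaration noting that reply is freed below would help keep a later edit from reintroducing a read through reply after free(reply).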