From 7d9407b76e1fd0c2745ff097fbc4ce8442169f1d Mon Sep 17 00:00:00 2001
From: Erwan Velu
Date: Tue, 3 Oct 2017 10:56:09 +0200
Subject: [PATCH] client: Fixing invalid use after free()

As per commit be6fa258, reply->opcode is now called after freeing the structure. This patch move the check of reply->opcode before freeing reply.

Signed-off-by: Erwan Velu
---
 client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/client.c b/client.c
index 5b409fea..42099452 100644
--- a/client.c
+++ b/client.c
@@ -1864,10 +1864,12 @@ static void request_client_etas(struct client_ops *ops)
 static int handle_cmd_timeout(struct fio_client *client,
 struct fio_net_cmd_reply *reply)
 {
+ uint16_t reply_opcode = reply->opcode;
+
 flist_del(&reply->list);
 free(reply);
 
- if (reply->opcode != FIO_NET_CMD_SEND_ETA)
+ if (reply_opcode != FIO_NET_CMD_SEND_ETA)
 return 1;
 
 log_info("client <%s>: timeout on SEND_ETA\n", client->hostname);
-- 
2.25.1
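Review bot: The copy into reply_opcode on the first added line is now the only thing keeping handle_cmd_timeout off freed memory, and nothing in the code says why the local exists, so a later cleanup that inlines it would reintroduce the use-after-free this patch fixes. Add `/* Copy opcode first: reply is freed below and must not be touched after that. */` above the declaration, and consider `const uint16_t reply_opcode = reply->opcode;` so the saved value cannot be reassigned. The local's width should match the declared type of the opcode field in struct fio_net_cmd_reply; if that field is wider than uint16_t the copy silently truncates, which cannot be confirmed from this hunk. The body of handle_cmd_timeout continues past the end of the hunk.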