From 49f1857dd8b64cdd57f28e965a1ff5fa0c2b0547 Mon Sep 17 00:00:00 2001
From: Tom Marlin
Date: Fri, 13 May 2011 13:24:55 -0500
Subject: [PATCH] Fixed adb crash due to accessing freed memory

Reset peers to NULL after closing them down. This prevents other code from attempting to access that freed memory (which prevents crashes). Previously, it left pointers to freed memory and the "if (s->peer)" guards could not block the attempt to access that memory later.

Resolves many crashes seen while taking repeated screenshots on WinXP.

Change-Id: I32553f4d19f6ddc9b05b6ab4dc1e9efe69e5be4f
---
 adb/sockets.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/adb/sockets.c b/adb/sockets.c
index aa4d5fcff..f0357d6b6 100644
--- a/adb/sockets.c
+++ b/adb/sockets.c
@@ -221,10 +221,12 @@ static void local_socket_close_locked(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         // tweak to avoid deadlock
-        if (s->peer->close == local_socket_close)
+        if (s->peer->close == local_socket_close) {
             local_socket_close_locked(s->peer);
-        else
+        } else {
             s->peer->close(s->peer);
+        }
+        s->peer = 0;
     }
 
     /* If we are already closing, or if there are no
@@ -782,6 +784,7 @@ static void smart_socket_close(asocket *s)
     if(s->peer) {
         s->peer->peer = 0;
         s->peer->close(s->peer);
+        s->peer = 0;
     }
     free(s);
 }
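Review bot: In the local_socket_close_locked hunk the new `s->peer = 0;` is stored only after `local_socket_close_locked(s->peer)` / `s->peer->close(s->peer)` has returned, so for the whole duration of that call `s->peer` still points at an object that is being torn down; whatever the close callback re-enters, or anything that inspects `s` from another path while it runs, can still read the stale pointer, which is the same class of bug the commit sets out to fix. The smart_socket_close hunk has the same ordering, and there the new store is immediately followed by `free(s)`, so it can only ever matter during that callback window. Taking the peer into a local and clearing `s->peer` before the call closes the window in both places without changing what the callback sees (it only receives `peer`, whose own `peer` field is already zeroed); the added braces on the if/else are correct and worth keeping. Both hunks are interior excerpts: local_socket_close_locked and smart_socket_close each begin before and continue past the lines shown.
```c
    if(s->peer) {
        asocket *peer = s->peer;
        s->peer = 0;   /* unlink before the callback so nothing can observe a stale peer */
        peer->peer = 0;
        // tweak to avoid deadlock
        if (peer->close == local_socket_close) {
            local_socket_close_locked(peer);
        } else {
            peer->close(peer);
        }
    }
    /* … unchanged: rest of local_socket_close_locked … */
```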