g_slist_remove() doesn't actually access the pointer. It doesn't even assume that it's a valid pointer (it could be an int cast to a pointer, for example). There's no danger whatsoever in freeing the memory first and then passing the pointer to g_slist_remove() Although it would probably be cleaner to use g_slist_delete_link() for the found link, instead of g_slist_remove() Cheers, -Slava > ===================== > Use after free (USE_AFTER_FREE) > pass_freed_arg: Passing freed pointer found->data as an argument to g_slist_remove > > in modem.c > g_free(found->data); > modem->interface_list = g_slist_remove(modem->interface_list,found->data); > > feature = get_feature(interface); > if (feature) { > found = g_slist_find_custom(modem->feature_list, feature,(GCompareFunc) strcmp); > > if (found) { > g_free(found->data); > modem->feature_list = > g_slist_remove(modem->feature_list, found->data); > } > } > ===================== > in ussd.c > ssc_entry_destroy(l->data); > ussd->ss_control_list = g_slist_remove(ussd->ss_control_list, l->data); > ===================== > in simfs.c > sim_fs_op_free(op); > g_queue_remove(fs->op_q, op); > _______________________________________________ > ofono mailing list -- ofono(a)ofono.org > To unsubscribe send an email to ofono-leave(a)ofono.org > .