From 3df0fbfefbb1a79bd4570a412221d2f999c59886 Mon Sep 17 00:00:00 2001
From: Yonghua Huang
Date: Wed, 23 May 2018 20:09:09 +0800
Subject: [PATCH] DM: bugfix - use of freed memory in 'monitor_close()'
-memory was dereferenced after being freed: MACRO 'LIST_FOREACH()' dereference 'client' for next list node after 'client' was freed.
Signed-off-by: Yonghua Huang
---
 devicemodel/core/monitor.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/devicemodel/core/monitor.c b/devicemodel/core/monitor.c
index 698feaee2..58bfb91e0 100644
--- a/devicemodel/core/monitor.c
+++ b/devicemodel/core/monitor.c
@@ -453,7 +453,7 @@ int monitor_init(struct vmctx *ctx)
 void monitor_close(void)
 {
- struct vmm_client *client;
+ struct vmm_client *client, *pclient;
 if (!monitor_thread) return;
 shutdown(monitor_fd, SHUT_RDWR);
@@ -465,7 +465,8 @@ void monitor_close(void)
 /* client buf-mem and fd may be still in use by msg-handler */
 /* which is handled by mevent */
 pthread_mutex_lock(&client_mutex);
- LIST_FOREACH(client, &client_head, list) {
+ list_foreach_safe(client, &client_head, list, pclient) {
+ LIST_REMOVE(client, list);
 vmm_client_free_res(client);
 }
 pthread_mutex_unlock(&client_mutex);
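Review bot: The comment above the loop in the second hunk says the client buffer and fd may still be in use by the mevent-driven msg-handler, yet nothing visible shows that handler holding `client_mutex` or being stopped before `vmm_client_free_res(client)` runs. If `vmm_client_free_res()` (defined outside the hunk) does not detach the client's mevent before freeing, the handler could presumably still touch freed memory, which is the same bug class this patch fixes for the iterator. I would record the guarantee at the loop, for example `/* vmm_client_free_res() frees 'client', so the next node is saved before the body runs */`, plus one line naming what keeps the msg-handler off a freed client. The new `pclient` in the first hunk holds the next node rather than a previous one, so `next` or `tmp` would read more accurately. `monitor_close()` begins before and continues past both hunks, and `list_foreach_safe` is not defined in this patch.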