Fix use-after-free in MSN log reader.

I don't think `path` should be replaced since the next time in the loop
will produce something like `directory/old_filename/new_filename`, which
makes no sense even if there were no use-after-free.

1 files changed, 6 insertions, 3 deletions

diff --git a/libpurple/plugins/log_reader.c b/libpurple/plugins/log_reader.c
index 4a53f30900..0db43d3d55 100644
--- a/libpurple/plugins/log_reader.c
+++ b/libpurple/plugins/log_reader.c
@@ -621,6 +621,7 @@ static GList *msn_logger_list(PurpleLogType type, const char *sn, PurpleAccount
 
 			while ((name = g_dir_read_name(dir))) {
 				const char *c = name;
+				gchar *full_path;
 
 				if (!purple_str_has_prefix(c, username))
 					continue;
@@ -633,16 +634,18 @@ static GList *msn_logger_list(PurpleLogType type, const char *sn, PurpleAccount
 					c++;
 				}
 
-				path = g_build_filename(path, name, NULL);
+				full_path = g_build_filename(path, name, NULL);
 				if (purple_strequal(c, ".xml") &&
-				    g_file_test(path, G_FILE_TEST_EXISTS)) {
+				    g_file_test(full_path, G_FILE_TEST_EXISTS)) {
 					found = TRUE;
+					g_free(path);
+					path = full_path;
 					g_free(logfile);
 					logfile = g_strdup(name);
 					break;
 				}
 				else
-					g_free(path);
+					g_free(full_path);
 			}
 			g_dir_close(dir);
 		}