From 416b7b10ff85b90028ddb35cb4d3559fe85f3f5b Mon Sep 17 00:00:00 2001
From: Alan Antonuk
Date: Thu, 10 May 2012 11:19:37 -0400
Subject: Fix: double free() if amqp_tune_connection fails in amqp_new_connection
See: https://github.com/rabbitmq/rabbitmq-c/issues/6
---
 librabbitmq/amqp_connection.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/librabbitmq/amqp_connection.c b/librabbitmq/amqp_connection.c
index 294910e..fc99862 100644
--- a/librabbitmq/amqp_connection.c
+++ b/librabbitmq/amqp_connection.c
@@ -55,6 +55,7 @@
 }
 amqp_connection_state_t amqp_new_connection(void) {
+ int res;
 amqp_connection_state_t state = (amqp_connection_state_t) calloc(1, sizeof(struct amqp_connection_state_t_));
@@ -64,7 +65,10 @@ amqp_connection_state_t amqp_new_connection(void) {
 init_amqp_pool(&state->frame_pool, INITIAL_FRAME_POOL_PAGE_SIZE);
 init_amqp_pool(&state->decoding_pool, INITIAL_DECODING_POOL_PAGE_SIZE);
- if (amqp_tune_connection(state, 0, INITIAL_FRAME_POOL_PAGE_SIZE, 0) != 0)
+ res = amqp_tune_connection(state, 0, INITIAL_FRAME_POOL_PAGE_SIZE, 0);
+ if (-ERROR_NO_MEMORY == res)
+ return NULL;
+ else if (0 != res)
 goto out_nomem;
 state->inbound_buffer.bytes = amqp_pool_alloc(&state->frame_pool, state->inbound_buffer.len);
-- cgit v1.2.1
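Review bot: The early `return NULL;` in the second hunk is memory-safe only if amqp_tune_connection() has already released `state`, and the two pools initialised just above it, whenever it returns -ERROR_NO_MEMORY, and nothing in the visible lines states that contract. The callee's body, the `out_nomem` label and the rest of amqp_new_connection are outside the hunk, so this is inferred from the commit subject rather than confirmed. If the callee later stops freeing on that path this branch leaks the connection state, and if it starts freeing on other error codes the `else if (0 != res) goto out_nomem;` branch becomes a double free again. I would record the ownership rule at the branch, e.g. `/* amqp_tune_connection() destroys state itself on -ERROR_NO_MEMORY; do not free it again via out_nomem */`, and repeat it in the callee's header comment. Longer term it would be more robust for only one of the two functions to own cleanup of `state`, so the error code no longer decides who frees.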