From 731df2adff504c56e49887a476bbe7786205ce2b Mon Sep 17 00:00:00 2001
From: "Constantin P." <papizh.konstantin@demlabs.net>
Date: Wed, 17 Apr 2024 19:19:12 +0700
Subject: [PATCH] Use after free fix

---
 modules/consensus/esbocs/dap_chain_cs_esbocs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/consensus/esbocs/dap_chain_cs_esbocs.c b/modules/consensus/esbocs/dap_chain_cs_esbocs.c
index 0f02b1eff2..8cee6b9561 100644
--- a/modules/consensus/esbocs/dap_chain_cs_esbocs.c
+++ b/modules/consensus/esbocs/dap_chain_cs_esbocs.c
@@ -1294,11 +1294,14 @@ static void s_session_state_change(dap_chain_esbocs_session_t *a_session, enum s
         dap_hash_fast(l_store->candidate, l_store->candidate_size, &l_store->precommit_candidate_hash);
         // Process received earlier PreCommit messages
         dap_chain_esbocs_message_item_t *l_chain_message, *l_chain_message_tmp;
+        uint64_t l_cur_round_id = a_session->cur_round.id;
         HASH_ITER(hh, a_session->cur_round.message_items, l_chain_message, l_chain_message_tmp) {
             if (l_chain_message->message->hdr.type == DAP_CHAIN_ESBOCS_MSG_TYPE_PRE_COMMIT &&
-                    dap_hash_fast_compare(&l_chain_message->message->hdr.candidate_hash,
-                                          &a_session->cur_round.attempt_candidate_hash)) {
+                dap_hash_fast_compare(&l_chain_message->message->hdr.candidate_hash, &a_session->cur_round.attempt_candidate_hash))
+            {
                 s_session_candidate_precommit(a_session, l_chain_message->message);
+                if (a_session->cur_round.id != l_cur_round_id)
+                    break;
             }
         }
         // Send own PreCommit
-- 
GitLab