Subject: Fix use-after-free (https://runtimeverification.com/)
Origin: FILE5_34-65-ge64f6d71
Upstream-Author: Christos Zoulas
Date: Sat Sep 1 15:52:02 2018 +0000
Fix use-after-free (https://runtimeverification.com/). The free code was never changed when the mlist was changed from a NULL-terminated list to a circular one.
--- a/src/apprentice.c
+++ b/src/apprentice.c
@@ -586,6 +586,14 @@
 }
 
 private void
+mlist_free_one(struct mlist *ml)
+{
+	if (ml->map)
+		apprentice_unmap(CAST(struct magic_map *, ml->map));
+	free(ml);
+}
+
+private void
 mlist_free(struct mlist *mlist)
 {
 	struct mlist *ml, *next;
@@ -593,14 +601,11 @@
 	if (mlist == NULL)
 		return;
 
-	ml = mlist->next;
-	for (ml = mlist->next; (next = ml->next) != NULL; ml = next) {
-		if (ml->map)
-			apprentice_unmap(CAST(struct magic_map *, ml->map));
-		free(ml);
-		if (ml == mlist)
-			break;
+	for (ml = mlist->next; ml != mlist; ml = next) {
+		next = ml->next;
+		mlist_free_one(ml);
 	}
+	mlist_free_one(mlist);
 }
 
 #ifndef COMPILE_ONLY
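Review bot: The new helper `mlist_free_one` frees a node without unlinking it from the ring and without clearing `ml->map`, and nothing at the point of introduction states that contract, so a future caller that still reads `ml->next` or the map pointer after the call would have a dangling reference. A short header comment above the definition would make ownership explicit: `/* Release one mlist node: unmap its magic_map (if any) and free the node. The caller owns the list links and must not touch ml afterwards. */`. The helper also assumes `ml` is non-NULL, which holds for its two callers in the following hunk but is worth recording in the same comment.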
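Review bot: The rewritten loop at `for (ml = mlist->next; ml != mlist; ml = next)` depends on the list being a closed ring, so a head whose `next` is still NULL would be dereferenced at `next = ml->next` on the first iteration instead of being treated as a one-element list. Whether every `struct mlist` is created with `next` pointing back to itself is not visible in this hunk; if it is, a comment above the loop such as `/* mlist is circular: walk from head->next around to head, then free the head last. */` would explain why the old NULL test was dropped, and if it is not, `if (mlist->next == NULL) { mlist_free_one(mlist); return; }` before the loop would cover that case. The signature and local declarations of `mlist_free` are in the previous hunk; only its body is visible here.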