From 1b9dcce23c8f52aa1ba97fe30fad83930c60578d Mon Sep 17 00:00:00 2001
From: Romain Vimont
Date: Mon, 3 May 2021 20:39:49 +0200
Subject: [PATCH] Fix double-free on error

On error, server->serial was freed twice: immediately and in server_destroy().

Refs #2292
---
 app/src/server.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/src/server.c b/app/src/server.c
index a4bba33c..276e0bd6 100644
--- a/app/src/server.c
+++ b/app/src/server.c
@@ -417,18 +417,19 @@ server_start(struct server *server, const char *serial,
 }

 if (!push_server(serial)) {
- goto error1;
+ /* server->serial will be freed on server_destroy() */
+ return false;
 }

 if (!enable_tunnel_any_port(server, params->port_range,
 params->force_adb_forward)) {
- goto error1;
+ return false;
 }

 // server will connect to our server socket
 server->process = execute_server(server, params);
 if (server->process == PROCESS_NONE) {
- goto error2;
+ goto error;
 }

 // If the server process dies before connecting to the server socket, then
@@ -442,14 +443,14 @@ server_start(struct server *server, const char *serial,
 if (!ok) {
 process_terminate(server->process);
 process_wait(server->process, true); // ignore exit code
- goto error2;
+ goto error;
 }

 server->tunnel_enabled = true;

 return true;

-error2:
+error:
 if (!server->tunnel_forward) {
 bool was_closed =
 atomic_flag_test_and_set(&server->server_socket_closed);
@@ -459,8 +460,7 @@ error2:
 close_socket(server->server_socket);
 }
 disable_tunnel(server);
-error1:
- free(server->serial);
+
 return false;
 }
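Review bot: The two early `return false;` paths in the first hunk now leave `server->serial` allocated, so the fix is leak-free only if every caller runs server_destroy() after a failed server_start(). That contract is stated only in a comment on the push_server() branch; the enable_tunnel_any_port() branch has none. State it once on the function instead, for example `// On failure, the caller must still call server_destroy(), which frees server->serial`, so that a future caller skipping destroy on failure is recognisably wrong. The allocation of server->serial and the start of server_start() lie outside the hunk, so the caller side could not be checked here.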
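Review bot: The `error:` path in the second and third hunks closes `server->server_socket` and calls `disable_tunnel()` while server_destroy() is still expected to run afterwards, which is the same split-cleanup shape that produced the double free fixed here. The visible lines set `server_socket_closed` before `close_socket()`, which presumably keeps a later teardown from closing the socket a second time, but nothing at the label says so. A comment such as `// server_socket_closed is set above, so later teardown must not close server_socket again` would make the ownership explicit. The middle of this block falls between the two hunks and is not shown.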