From 5a0f99de92605f686f073e35f4578b810dba2353 Mon Sep 17 00:00:00 2001
From: Weixie Cui <cuiweixie@gmail.com>
Date: Tue, 10 Mar 2026 20:14:22 +0800
Subject: [PATCH] Fix use-after-free in lsof_select_process_regex

Set xp to NULL after assigning to CmdRx[i].exp so that CLEAN(xp) in
the cleanup path does not free memory that is now owned by CmdRx[i].exp.
---
 lib/lsof.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/lsof.c b/lib/lsof.c
index cc60c7c4..045f37ae 100644
--- a/lib/lsof.c
+++ b/lib/lsof.c
@@ -926,6 +926,7 @@ enum lsof_error lsof_select_process_regex(struct lsof_context *ctx, char *x) {
      */
     CmdRx[i].mc = 0;
     CmdRx[i].exp = xp;
+    xp = NULL;
     NCmdRxU++;
 
     /** Update selection flags for inclusion */