mexmer
commented
1 year ago also one more note, if irecv_close is intended to release irecv_client i suggest renaming function to something like irecv_client_free instead ... current name suggest, it closes client connections, not deleting/releasing client object.
https://github.com/libimobiledevice/libirecovery/blob/3962e480ca13e4ac2a3c4f6f62b5daa5f557851c/src/libirecovery.c#L903 causes crash under some condition.
mobiledevice_openpipes calls irecv_close on error, which releases client object and returns IRECV_E_SUCCESS, but this value is ignored and error is propagated back, later on multiple spots there is error handling, that involves calling members of client, without prior checking that client is null
https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L904 https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L925 https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L948
also since it's inside cycle, even if mobiledevice_closepipes would not crash, still it will crash in next iteration of loop.