From 19b92a4a7eecdadb7d45fe65ac2d182f22e9034b Mon Sep 17 00:00:00 2001
From: Ryan Hileman
Date: Wed, 21 Dec 2016 11:50:40 -0500
Subject: [PATCH] fix possible segfault in hook del (#691) (#697)

---
 uc.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/uc.c b/uc.c
index 10ebdb6a..3738ab6f 100644
--- a/uc.c
+++ b/uc.c
@@ -1069,19 +1069,19 @@ uc_err uc_hook_add(uc_engine *uc, uc_hook *hh, int type, void *callback,
 UNICORN_EXPORT
 uc_err uc_hook_del(uc_engine *uc, uc_hook hh)
 {
- int i = 0;
+ int i;
 struct hook *hook = (struct hook *)hh;
- int type = hook->type;
-
- while ((type >> i) > 0 && i < UC_HOOK_MAX) {
- if ((type >> i) & 1) {
- if (list_remove(&uc->hook[i], (void *)hh)) {
- if (--hook->refs == 0) {
- free(hook);
- }
+ // we can't dereference hook->type if hook is invalid
+ // so for now we need to iterate over all possible types to remove the hook
+ // which is less efficient
+ // an optimization would be to align the hook pointer
+ // and store the type mask in the hook pointer.
+ for (i = 0; i < UC_HOOK_MAX; i++) {
+ if (list_remove(&uc->hook[i], (void *)hook)) {
+ if (--hook->refs == 0) {
+ free(hook);
 }
 }
- i++;
 }
 return UC_ERR_OK;
 }
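Review bot: After `free(hook)` inside the new `for` loop, the loop keeps running and passes the freed pointer to `list_remove` for the remaining `uc->hook[i]` lists; that is only a pointer comparison, but should the same handle still sit in a later list (a refcount that undercounts the insertions), the next hit would execute `--hook->refs` on freed memory. Since `refs == 0` should mean no list still holds the hook, leaving the loop at that point closes the window and ends the scan early: `free(hook); break;`. Separately, a handle that matches no list at all — the "invalid hook" case the comment describes — now returns `UC_ERR_OK` with nothing done; tracking whether any `list_remove` succeeded and returning a non-OK status (presumably `UC_ERR_HANDLE`, if that is the intended code for a bad handle) would let callers notice a stale or double-deleted handle instead of silently succeeding. The comment block could also state the resulting contract explicitly, e.g. `// hook is only dereferenced once list_remove has confirmed it is a live entry`.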