UAF crash

[mexmer]

libirecovery/src/libirecovery.c

Line 903 in 3962e48

if (mobiledevice_openpipes(_client) != IRECV_E_SUCCESS) {

causes crash under some condition.

mobiledevice_openpipes calls irecv_close on error, which releases client object and returns IRECV_E_SUCCESS, but this value is ignored and error is propagated back, later on multiple spots there is error handling, that involves calling members of client, without prior checking that client is null

https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L904
https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L925
https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c#L948

also since it's inside cycle, even if mobiledevice_closepipes would not crash, still it will crash in next iteration of loop.

[mexmer]

also one more note, if irecv_close is intended to release irecv_client i suggest renaming function to something like irecv_client_free instead ... current name suggest, it closes client connections, not deleting/releasing client object.