[asterisk-bugs] [JIRA] (ASTERISK-27956) res_pjsip_pubsub: segfault in function publish_expire
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Tue Aug 28 15:15:02 CDT 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Asterisk Team updated ASTERISK-27956:
-------------------------------------
Target Release Version/s: 15.6.0
> res_pjsip_pubsub: segfault in function publish_expire
> ------------------------------------------------------
>
> Key: ASTERISK-27956
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27956
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip_pubsub
> Affects Versions: 13.21.0, 15.4.1
> Reporter: Alexei Gradinari
> Assignee: Alexei Gradinari
> Labels: pjsip
> Target Release: 13.23.0, 15.6.0, 16.0.0
>
>
> The function pubsub_on_rx_publish_request incorrectly uses of AST_SCHED_REPLACE_UNREF.
> The AST_SCHED_REPLACE_UNREF should unref old '_data'.
> Because of this, there may be a double unref of variable 'publication' when ast_sched_del is unsuccessful that leads to use after free of the 'publication' in publish_expire.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list