[asterisk-bugs] [JIRA] (ASTERISK-27956) res_pjsip_pubsub: segfault in function publish_expire
Alexei Gradinari (JIRA)
noreply at issues.asterisk.org
Fri Jul 6 15:05:54 CDT 2018
Alexei Gradinari created ASTERISK-27956:
-------------------------------------------
Summary: res_pjsip_pubsub: segfault in function publish_expire
Key: ASTERISK-27956
URL: https://issues.asterisk.org/jira/browse/ASTERISK-27956
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip_pubsub
Affects Versions: 15.4.1, 13.21.0
Reporter: Alexei Gradinari
The function pubsub_on_rx_publish_request incorrectly uses
of AST_SCHED_REPLACE_UNREF.
The AST_SCHED_REPLACE_UNREF should unref old '_data'.
Because of this, there may be a double unref
of variable 'publication' when ast_sched_del is unsuccessful
that leads to use after free of the 'publication' in publish_expire.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list