[asterisk-bugs] [JIRA] (ASTERISK-27956) res_pjsip_pubsub: segfault in function publish_expire

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Fri Jul 6 15:16:54 CDT 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell updated ASTERISK-27956:
-------------------------------------

    Status: Open  (was: Triage)

>  res_pjsip_pubsub: segfault in function publish_expire
> ------------------------------------------------------
>
>                 Key: ASTERISK-27956
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27956
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_pubsub
>    Affects Versions: 13.21.0, 15.4.1
>            Reporter: Alexei Gradinari
>              Labels: pjsip
>
> The function pubsub_on_rx_publish_request incorrectly uses
> of AST_SCHED_REPLACE_UNREF.
> The AST_SCHED_REPLACE_UNREF should unref old '_data'.
> Because of this, there may be a double unref
> of variable 'publication' when ast_sched_del is unsuccessful
> that leads to use after free of the 'publication' in publish_expire.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list