[asterisk-bugs] [JIRA] (ASTERISK-27956) res_pjsip_pubsub: segfault in function publish_expire
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Tue Jul 10 06:53:54 CDT 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244062#comment-244062 ]
Friendly Automation commented on ASTERISK-27956:
------------------------------------------------
Change 9371 merged by Joshua Colp:
res_pjsip_pubsub: segfault in function publish_expire
[https://gerrit.asterisk.org/9371|https://gerrit.asterisk.org/9371]
> res_pjsip_pubsub: segfault in function publish_expire
> ------------------------------------------------------
>
> Key: ASTERISK-27956
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27956
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip_pubsub
> Affects Versions: 13.21.0, 15.4.1
> Reporter: Alexei Gradinari
> Assignee: Alexei Gradinari
> Labels: pjsip
>
> The function pubsub_on_rx_publish_request incorrectly uses of AST_SCHED_REPLACE_UNREF.
> The AST_SCHED_REPLACE_UNREF should unref old '_data'.
> Because of this, there may be a double unref of variable 'publication' when ast_sched_del is unsuccessful that leads to use after free of the 'publication' in publish_expire.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list