[Asterisk-code-review] res_pjsip_pubsub: segfault in function publish_expire (asterisk[13])

Alexei Gradinari asteriskteam at digium.com
Thu Jul 5 16:52:00 CDT 2018


Alexei Gradinari has uploaded this change for review. ( https://gerrit.asterisk.org/9351 )


Change subject: res_pjsip_pubsub: segfault in function publish_expire
......................................................................

res_pjsip_pubsub: segfault in function publish_expire

The function pubsub_on_rx_publish_request makes incorrect use
of AST_SCHED_REPLACE_UNREF.

The AST_SCHED_REPLACE_UNREF should unref old '_data'.

Because of this, there may be a double unref
of variable 'publication' when ast_sched_del is unsuccessful
that leads to use after free of the 'publication' in publish_expire.

Change-Id: Ie0f0cfc7e036953d890b188656010b325a5cdc82
---
M res/res_pjsip_pubsub.c
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/51/9351/1

diff --git a/res/res_pjsip_pubsub.c b/res/res_pjsip_pubsub.c
index 257922b..2f32ebc 100644
--- a/res/res_pjsip_pubsub.c
+++ b/res/res_pjsip_pubsub.c
@@ -3424,7 +3424,7 @@
 			ao2_link(handler->publications, publication);
 
 			AST_SCHED_REPLACE_UNREF(publication->sched_id, sched, expires * 1000, publish_expire, publication,
-						ao2_ref(publication, -1), ao2_ref(publication, -1), ao2_ref(publication, +1));
+						ao2_ref(_data, -1), ao2_ref(publication, -1), ao2_ref(publication, +1));
 		} else {
 			AST_SCHED_DEL_UNREF(sched, publication->sched_id, ao2_ref(publication, -1));
 		}
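Review bot: the new unref argument `ao2_ref(_data, -1)` names `_data`, which is not declared anywhere in the visible context of pubsub_on_rx_publish_request, so the call now depends on a local that must come from inside AST_SCHED_REPLACE_UNREF itself. Please add a short comment above the call saying that `_data` is the macro's handle on the previously scheduled object and that this argument drops the old entry's reference, while the last two arguments still act on `publication`. Without that, the line reads like a typo and a later cleanup could easily change it back to `publication`, reintroducing the double unref and the use after free in publish_expire described in the commit message. Since the change touches only this one call, it is also worth stating in the commit message whether other users of the macro in this file pass their unref argument the same way.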

-- 
To view, visit https://gerrit.asterisk.org/9351

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie0f0cfc7e036953d890b188656010b325a5cdc82
Gerrit-Change-Number: 9351
Gerrit-PatchSet: 1
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>