[Asterisk-code-review] res pjsip pubsub: segfault in function publish expire (asterisk[13])

[Alexei Gradinari]

Hello Richard Mudgett, Jenkins2, 

I'd like you to reexamine a change. Please visit

    https://gerrit.asterisk.org/9351

to look at the new patch set (#2).

Change subject: res_pjsip_pubsub: segfault in function publish_expire
......................................................................

res_pjsip_pubsub: segfault in function publish_expire

The function pubsub_on_rx_publish_request incorrectly uses
of AST_SCHED_REPLACE_UNREF.

The AST_SCHED_REPLACE_UNREF should unref old '_data'.

Because of this, there may be a double unref
of variable 'publication' when ast_sched_del is unsuccessful
that leads to use after free of the 'publication' in publish_expire.

ASTERISK-27956 #close

Change-Id: Ie0f0cfc7e036953d890b188656010b325a5cdc82
---
M res/res_pjsip_pubsub.c
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/51/9351/2
-- 
To view, visit https://gerrit.asterisk.org/9351
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie0f0cfc7e036953d890b188656010b325a5cdc82
Gerrit-Change-Number: 9351
Gerrit-PatchSet: 2
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180706/cba55e8a/attachment-0001.html>