[Asterisk-code-review] sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data (asterisk[16])

Sean Bright asteriskteam at digium.com
Fri Oct 16 15:27:31 CDT 2020


Sean Bright has uploaded a new patch set (#4) to the change originally created by Alexei Gradinari. ( https://gerrit.asterisk.org/c/asterisk/+/15038 )

Change subject: sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data
......................................................................

sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data

The data can be freed if the old object '_data' is the same object as
new 'data', because the object is unreferenced first, which can lead
to destroying it.

This could happen in res_pjsip_pubsub when the publication is updated,
which could lead to a segfault in function publish_expire.

Change-Id: I0164f57c387243510bdbd2f8dcf33377b6c202da
---
M include/asterisk/sched.h
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/38/15038/4
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15038

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: I0164f57c387243510bdbd2f8dcf33377b6c202da
Gerrit-Change-Number: 15038
Gerrit-PatchSet: 4
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-MessageType: newpatchset
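
The ordering hazard the commit message describes, as an added example that is not Asterisk's code and not part of the original message. It uses a toy refcount with hypothetical names (`obj`, `slot`, `replace_unref_first`, `replace_ref_first`); `replace_ref_first` is one ordering that avoids the problem and is not claimed to be what this change does.

```c
#include <stdio.h>

/* Toy refcounted object, constructed for this example (not Asterisk's ao2).
 * "Destroying" sets a flag instead of calling free() so the demo stays defined. */
struct obj { int refs; int destroyed; };
/* Scheduler entry that owns one reference to its callback data. */
struct slot { struct obj *data; };

static void obj_ref(struct obj *o) { o->refs++; }
static void obj_unref(struct obj *o) { if (--o->refs == 0) o->destroyed = 1; }

/* Hazardous order: drop the old reference, then take the new one. */
static void replace_unref_first(struct slot *s, struct obj *new_data)
{
    if (s->data)
        obj_unref(s->data);   /* may destroy the object ... */
    obj_ref(new_data);        /* ... that is referenced again here */
    s->data = new_data;
}

/* Safe order: take the new reference before releasing the old one. */
static void replace_ref_first(struct slot *s, struct obj *new_data)
{
    struct obj *old = s->data;
    obj_ref(new_data);
    s->data = new_data;
    if (old)
        obj_unref(old);
}

/* Re-schedule a slot with the object it already holds; returns 1 if the
 * object was destroyed along the way (a use after free in real code). */
static int same_object_destroyed(void (*replace)(struct slot *, struct obj *))
{
    struct obj o = { 1, 0 };      /* the slot's reference is the only one */
    struct slot s = { &o };
    replace(&s, &o);
    return o.destroyed;
}

int main(void)
{
    printf("unref first: destroyed=%d\n", same_object_destroyed(replace_unref_first));
    printf("ref first:   destroyed=%d\n", same_object_destroyed(replace_ref_first));
    return 0;
}
```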