[Asterisk-code-review] sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data (asterisk[16])

Alexei Gradinari asteriskteam at digium.com
Mon Oct 5 09:14:34 CDT 2020


Hello Friendly Automation, Richard Mudgett, 

I'd like you to reexamine a change. Please visit

    https://gerrit.asterisk.org/c/asterisk/+/15038

to look at the new patch set (#3).

Change subject: sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data
......................................................................

sched: AST_SCHED_REPLACE_UNREF can lead to use after free of data

The data can be freed if the old object '_data' is the same object as new
'data'. Because at first the object is unreferenced which can lead to
destroying it.

This could happened in res_pjsip_pubsub when the publication is updated
which could lead to segfault in function publish_expire.

Change-Id: I0164f57c387243510bdbd2f8dcf33377b6c202da
---
M include/asterisk/sched.h
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/38/15038/3
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15038
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 16
Gerrit-Change-Id: I0164f57c387243510bdbd2f8dcf33377b6c202da
Gerrit-Change-Number: 15038
Gerrit-PatchSet: 3
Gerrit-Owner: Alexei Gradinari <alex2grad at gmail.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-MessageType: newpatchset
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20201005/2c792b74/attachment.html>


More information about the asterisk-code-review mailing list