* [PATCH] cbs: Resolve a use-after-free that could occur with rapid location changes.
@ 2015-12-21 10:03 John Ernberg
  2015-12-21 23:55 ` Denis Kenzior
  0 siblings, 1 reply; 2+ messages in thread
From: John Ernberg @ 2015-12-21 10:03 UTC (permalink / raw)
  To: ofono

From: John Ernberg <john.ernberg@actia.se>

What happens is that the timeout leaks and then the cbs struct with
the callback is cleaned up, resulting in a SIGSEGV when the callback
occurs from the glib loop.
---
 src/cbs.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/cbs.c b/src/cbs.c
index b5f0b72..fdc44a1 100644
--- a/src/cbs.c
+++ b/src/cbs.c
@@ -1029,11 +1029,14 @@ out:
 
 	/*
 	 * In order to minimize signal transmissions we wait about X seconds
-	 * before reseting the base station id.  The hope is that we receive
+	 * before resetting the base station id.  The hope is that we receive
 	 * another cell broadcast with the new base station name within
 	 * that time
 	 */
 	if (lac_changed || ci_changed) {
+		if(cbs->reset_source)
+			g_source_remove(cbs->reset_source);
+
 		cbs->reset_source =
 			g_timeout_add_seconds(3, reset_base_station_name, cbs);
 	}
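Review bot: the new `if(cbs->reset_source)` guard at the top of the `lac_changed || ci_changed` branch is only correct if reset_base_station_name() sets cbs->reset_source back to 0 when the timeout fires, and that is not visible in this hunk. If the callback returns without clearing the field, the next location change would call g_source_remove() on an id that GLib has already destroyed, which is a programmer error in GLib and may hit an unrelated source if the id has been reused. Please confirm the callback zeroes the field, or include that change in this patch. The commit message says the struct is cleaned up while the timeout is still pending, so it would also help to state that the cleanup path removes cbs->reset_source, since this hunk only covers the re-arm case. Style: add a space after `if` so the line reads `if (cbs->reset_source)`, matching the `if (lac_changed || ci_changed) {` line above it. The "reseting" to "resetting" comment fix is unrelated to the use-after-free and would be cleaner as a separate patch.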
-- 
1.9.1
