| Summary: | ASTERISK-27956: res_pjsip_pubsub: segfault in function publish_expire | ||
| Reporter: | Alexei Gradinari (alexei gradinari) | Labels: | pjsip |
| Date Opened: | 2018-07-06 15:04:43 | Date Closed: | 2018-07-10 06:30:03 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip_pubsub |
| Versions: | 13.21.0 15.4.1 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | The function pubsub_on_rx_publish_request incorrectly uses of AST_SCHED_REPLACE_UNREF.
The AST_SCHED_REPLACE_UNREF should unref old '_data'. Because of this, there may be a double unref of variable 'publication' when ast_sched_del is unsuccessful that leads to use after free of the 'publication' in publish_expire. | ||
| Comments: | By: Asterisk Team (asteriskteam) 2018-07-06 15:04:45.079-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Friendly Automation (friendly-automation) 2018-07-10 06:30:03.725-0500 Change 9351 merged by Jenkins2: res_pjsip_pubsub: segfault in function publish_expire [https://gerrit.asterisk.org/9351|https://gerrit.asterisk.org/9351] By: Friendly Automation (friendly-automation) 2018-07-10 06:51:05.644-0500 Change 9372 merged by Jenkins2: res_pjsip_pubsub: segfault in function publish_expire [https://gerrit.asterisk.org/9372|https://gerrit.asterisk.org/9372] By: Friendly Automation (friendly-automation) 2018-07-10 06:52:36.913-0500 Change 9371 merged by Joshua Colp: res_pjsip_pubsub: segfault in function publish_expire [https://gerrit.asterisk.org/9371|https://gerrit.asterisk.org/9371] | ||