osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 0
Code Issues Releases Wiki Activity

osmo_io: Assign const name when stealing TX msg from iofd ctx 

All TX messages are moved from iofd instance to the user's context.
iofd may be destroyed, but the message is still available to the user.
To prevent a use-after-free bug, the context name must be changed from
iofd->name to a constant that does not belong to iofd.

Change-Id: Ib8dae924fa2d94a7f636136ba7279b965a18cf5b
This commit is contained in:
Andreas Eversberg 2024-02-28 16:36:29 +01:00
parent f574aea38f
commit a4ac5b8c26
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/osmo_io.c
View File

@ -152,9 +152,7 @@ struct msgb *iofd_msgb_alloc(struct osmo_io_fd *iofd)
uint16_t headroom = iofd->msgb_alloc.headroom;
OSMO_ASSERT(iofd->msgb_alloc.size < 0xffff - headroom);
return msgb_alloc_headroom_c(iofd,
iofd->msgb_alloc.size + headroom, headroom,
iofd->name ? : "iofd_msgb");
return msgb_alloc_headroom_c(iofd, iofd->msgb_alloc.size + headroom, headroom, "osmo_io_msgb");
}
/*! return the pending msgb in iofd or NULL if there is none*/